Map of Australia with highlighted cities

Emerging cyber terrorism threats and the Federal Terrorism Risk Insurance Act

Published on February 6, 2020

Tweet
Cyber is a relatively new, evolving risk. Insurers manage their exposures, in part, by setting coverage limits and excluding events they don’t want to insure.

On December 20, 2019, President Trump signed a federal funding package that includes a seven-year extension of the Terrorism Risk Insurance Act (TRIA). TRIA provides for a federal loss-sharing program for certain insured losses resulting from a certified act of terrorism.

Passage of the act was met with resounding approval by the insurance industry. You can read more about it here.

A critical mandate of the TRIA extension is for the Government Accountability Office (GAO) to make recommendations to Congress about how to amend the statute to address emerging cyberthreats. Triple-I recently hosted an exclusive members-only webinar featuring Jason Schupp of the Centers for Better Insurance, who discussed issues likely to be addressed by the GAO report.

Schupp said the report will likely serve as a starting point for a discussion about cyber threats and how the insurance industry can better meet the needs of businesses, nonprofits and local governments for cyber insurance. It will address:

Vulnerabilities and potential costs of cyber-attacks to the United States; Whether adequate coverage is available for cyber terrorism; Whether cyber terrorism coverage can be adequately priced by the private market; Whether TRIA’s current structure is appropriate for cyber terrorism events; and Recommendations on how Congress could amend TRIA to meet the next generation of cyber threats.

Cyber terrorism is already covered under TRIA, but such acts don’t fit neatly into the TRIA framework. Because cyber limits and conditions are already narrow, TRIA’s current make available requirement has not been effective in providing coverage for cyber-terrorism events at the same limits and conditions as non-cyber events.

Schupp proposes that the requirement be amended so the coverage doesn’t exclude insured losses specific to the loss of use, corruption or destruction of electronic data or the unauthorized disclosure of or access to nonpublic information.

But expanding the requirement carries considerable risk. If insurers are required to make more coverage available for cyber events than they are comfortable with the result could be a pullback in property and liability insurance generally – not just for cyber events. Any expansion must be balanced with the terms of the backstop.

Schupp concluded that the GAO’s investigation and report (which is required to be completed by June 2020) is likely to kick off a multi-year debate that could substantially redefine U.S. cyber insurance markets. Insurers, policyholders and other stakeholders should engage accordingly.

To learn about how to become a member of Triple-I visit iiimembership.org.

Related Articles

Map of Australia with highlighted trades

January 8, 2019

The Insurance Information Institute’s 37th Annual Property/Casualty Joint Industry Forum

Read more >
Map of Australia with highlighted trades

June 10, 2019

J.D. Power Study on insurers and data: a matter of trust

Read more >
Map of Australia with highlighted trades

November 25, 2019

Advisen Event Panelists Proclaim Hard Market in Property Insurance

Read more >
Map of Australia with highlighted trades

January 23, 2020

I.I.I. Joint Industry Forum: Panel Discussion on the Future of Insurance Marketing

Read more >
Map of Australia with highlighted trades

January 17, 2020

Joint Industry Forum 2020: A clear vision for the insurance industry

Read more >
Map of Australia with highlighted trades

February 26, 2020

Preparing for a pandemic should be part of every household’s emergency plan

Read more >