The National Association of Insurance Commissioners’ (“NAIC’s”) Cybersecurity Task Force and Property and Casualty Insurance Committee are jointly considering whether to require a cybersecurity insurance coverage supplement in addition to the already-required Property and Casualty Annual Statement. The supplement, which would be due April 1 annually, would be required of every reporting carrier writing a stand-alone cybersecurity insurance policy or including such coverage in a commercial multi-peril package policy.
According to the NAIC, the idea behind requiring the additional report is to gain a better understanding of the cybersecurity insurance market, including what carriers are dominating the market, how much premium is being collected, and the amount and nature of the claims being submitted. The NAIC’s Cybersecurity Task Force is also in the process of finalizing its “Principles for Effective Cybersecurity Insurance Regulatory Guidelines,” for which the comment period concluded on April 10, 2015. The Principles are the subject of a separate article in this newsletter.
The latest draft of the proposed cybersecurity insurance coverage supplement and associated guidelines were discussed at the Spring 2015 NAIC meetings in Phoenix. The supplement is just another example of how important regulators view the role of cyber insurance in managing cyber risks, both from a preemptive risk prevention perspective, as well as from a reactive financial exposure mitigation perspective. Along those lines, meetings between state insurance regulators and federal officials regarding best practices for cybersecurity in the insurance sector took place in late April at the Treasury Department.
Cyber insurance is attracting the interest of others besides regulatory agencies. Lawmakers themselves have taken an interest in the subject. The Senate Commerce Committee's Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security held what Senator Jerry Moran declared to be the first ever congressional hearing on cyber insurance on March 19. At the hearing, Senator Moran expressed interest in learning more about how cyber insurance may prove to be “a market-led approach to help businesses improve their cybersecurity posture by tying policy eligibility or lower premiums to better cybersecurity practices.” More information about the hearing can be found here.