US Insurance Trade Groups Fight Defense Bill Adding Cyber Insurance Regulation
Industry groups say in addition to the increased costs and security concerns, their members don’t collect the kind of granular data that would be sought.
- Timothy Darragh
- August 2022
A coalition of property/casualty insurance trade groups is urging Congress to reject language in a defense reauthorization package that would include new regulations requiring additional spending to collect data not collected by insurers now.
Writing to U.S. Reps. Bennie Thompson and John Katko, the chairman and ranking member of the House Committee on Homeland Security, the trade groups said they support public/private solutions to the growing threat of cyberattacks.
However, language added to the National Defense Authorization Act goes too far, they said.
The language calls for creation of an Office of Cyber Statistics that has “misguided provisions” requiring insurers to file data on covered cyber claims.
“If passed, this language would be an unwarranted intrusion into the contractual relationship between insurance providers and their customers,” the coalition said. “It would also serve as a precursor to a reporting mandate that would present a host of challenges on businesses of all sizes due to significant costs, limits on the availability of information sought, and potential new enforcement issues.”
The letter was signed by representatives of the National Association of Mutual Insurance Companies, the Independent Insurance Agents and Brokers of America, the American Property Casualty Insurance Association and the Council of Insurance Agents and Brokers.
In addition to the increased costs and security concerns, the trade groups said their members don't collect the kind of granular data that would be sought and that information collected by legal counsel representing companies victimized in a cyberattack is privileged.
“The proposal could lead to putting insurers in a difficult situation between promptly paying valid claims or failing to report information,” it said.
Finally, the letter said insurers—primarily regulated on the state level—are already heavily regulated. Now, it said, they are facing more oversight by the federal Cybersecurity and Infrastructure Security Agency and potentially the U.S. Securities and Exchange Commission.
Attempts to obtain comment from Thompson's and Katko's offices were not immediately successful.
When the National Association of Insurance Commissioners met at the Spring Meeting, one of the main attractions was the Innovation, Cybersecurity and Technology (H) Committee, which made its debut on a national stage.