The U.S. Treasury, under the National Cybersecurity Strategy, is exploring the idea of a federal cyber insurance backstop, primarily targeting catastrophic cyber risks. This initiative, as outlined by Graham Steele from the Treasury Department, seeks a balanced federal response that both manages extreme cyber threats and complements the growing private cyber insurance market. Steele, speaking at a conference, emphasized the need for a federal program that doesn’t overly burden the government while still promoting robust cybersecurity practices in the private sector.
The challenge lies in how cyber threats differ from natural disasters, particularly the lack of historical data for catastrophic cyber losses and the boundary-transcending nature of such risks. While the private cyber insurance market has seen significant growth, from $4.8 billion in direct premiums in 2021 to about $7.2 billion in 2022, catastrophic cyber incidents pose an increasing threat. Recent events like the ransomware attack on the Industrial & Commercial Bank of China highlight the escalating frequency and impact of cyber threats, underscoring that a major cyber event may be inevitable.
The Treasury’s focus in 2024 will be on determining the most effective federal response to these catastrophic cyber risks. The aim is to establish a strategy that ensures stability and resilience against cyber threats, while fostering a healthy balance with the private cyber insurance industry. This approach reflects a proactive stance in safeguarding against potentially devastating cyber incidents.