US watchdog is worried cyber insurance won't cover 'catastrophic cyberattacks'

The US Government Accountability Office (GAO) has warned that catastrophic cyberattacks are not receiving an adequate federal response, especially in that the cyber-insurance industry falls short when it comes to certain types of major attacks. The government spending watchdog warns that although the cyber-insurance market has risen and matured over the past few years, it still fails to properly assist critical infrastructure organizations in the event of a cyberattack that has costly repercussions. The GAO audits trillions of dollars in federal spending each year and filters through the transactions to detect when the government may not be doing enough in a certain area. The warning comes as the organization discovered that private insurers and US government official terrorism risk insurance, the Terrorism Risk Insurance Program (TRIP) may not be able to cover the financial losses arising from cyberattacks more frequently.

The GAO states that cyberattacks may not meet TRIP’s criteria to be certified as an act of terrorism, even if they result in massive financial loses. The GAO says that attacks must be violent or coercive to be certified, discounting many forms of cyberattacks that negatively affect businesses. The GAO says that it depends who perpetrates the cyberattack and whether it be cyber criminals or government entities such as North Korea, China, or Russia. According to the GAO, the US government should be ensuring that organizations can properly recover from attacks which are often used as a point of espionage by other governments or financial gain from threat groups.

Share this:

About OODA Analyst