GAO-21-477, CYBER INSURANCE: Insurers and Policyholders Face Challenges ...
May 2021
United States Government Accountability Office
Report to Congressional Committees
CYBER INSURANCE
Insurers and Policyholders Face Challenges in an Evolving Market
GAO-21-477
Highlights of GAO-21-477, a report to congressional committees
May 2021
CYBER INSURANCE
Insurers and Policyholders Face Challenges in an Evolving Market
Why GAO Did This Study
Malicious cyber activity poses significant risk to the federal government and the nation's businesses and critical infrastructure, and it costs the U.S. billions of dollars each year. Threat actors are becoming increasingly capable of carrying out attacks, highlighting the need for a stable cyber insurance market.
The National Defense Authorization Act for Fiscal Year 2021 includes a provision for GAO to study the U.S. cyber insurance market. This report describes (1) key trends in the current market for cyber insurance, and (2) identified challenges faced by the cyber insurance market and options to address them.
To conduct this work, GAO analyzed industry data on cyber insurance policies; reviewed reports on cyber risk and cyber insurance from researchers, think tanks, and the insurance industry; and interviewed Treasury officials. GAO also interviewed two industry associations representing cyber insurance providers, an organization providing policy language services to insurers, and one large cyber insurance provider.
What GAO Found
Key trends in the current market for cyber insurance include the following:
? Increasing take-up. Data from a global insurance broker indicate its clients' take-up rate (proportion of existing clients electing coverage) for cyber insurance rose from 26 percent in 2016 to 47 percent in 2020 (see figure).
? Price increases. Industry sources said higher prices have coincided with increased demand and higher insurer costs from more frequent and severe cyberattacks. In a recent survey of insurance brokers, more than half of respondents' clients saw prices go up 10?30 percent in late 2020.
? Lower coverage limits. Industry representatives told GAO the growing number of cyberattacks led insurers to reduce coverage limits for some industry sectors, such as healthcare and education.
? Cyber-specific policies. Insurers increasingly have offered policies specific to cyber risk, rather than including that risk in packages with other coverage. This shift reflects a desire for more clarity on what is covered and for higher cyber-specific coverage limits.
Cyber Insurance Take-up Rates for a Selected Large Broker's Clients, 2016?2020
View GAO-21-477. For more information, contact John Pendleton at (202) 512-8678 or pendletonj@.
The cyber insurance industry faces multiple challenges; industry stakeholders have proposed options to help address these challenges.
? Limited historical data on losses. Without comprehensive, high-quality data on cyber losses, it can be difficult to estimate potential losses from cyberattacks and price policies accordingly. Some industry participants said federal and state governments and industry could collaborate to collect and share incident data to assess risk and develop cyber insurance products.
? Cyber policies lack common definitions. Industry stakeholders noted that differing definitions for policy terms, such as "cyberterrorism," can lead to a lack of clarity on what is covered. They suggested that federal and state governments and the insurance industry could work collaboratively to advance common definitions.
United States Government Accountability Office
Contents
Letter
Appendix I Figures
1
Background
3
Cyber Insurance Coverage Varies by Industry and Entity Size, but
Growing Cyber Risk Creates Uncertainty in Evolving Market
5
Cyber Insurance Industry Faces Multiple Challenges, but Options
Have Been Proposed to Address Them
13
Agency Comments
20
GAO Contact and Staff Acknowledgments
21
Figure 1: Cyber Insurance Take-up Rates for a Selected Large
Broker's Clients, 2016?2020
5
Figure 2: Cyber Insurance Take-up Rates for a Selected Large
Broker's Clients, by Industry, 2016?2020
7
Figure 3: Direct Written Premiums and Policies in Force for Cyber
Insurance, 2016?2019
9
Figure 4: Change in Cyber Insurance Premiums, 2017?2020
11
Page i
GAO-21-477 Cyber Security Insurance
Abbreviations
NAIC Treasury TRIA TRIP
National Association of Insurance Commissioners Department of the Treasury Terrorism Risk Insurance Act Terrorism Risk Insurance Program
This is a work of the U.S. government and is not subject to copyright protection in the United States. The published product may be reproduced and distributed in its entirety without further permission from GAO. However, because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately.
Page ii
GAO-21-477 Cyber Security Insurance
441 G St. N.W. Washington, DC 20548
Letter
May 20, 2021
The Honorable Jack Reed Chairman The Honorable James M. Inhofe Ranking Member Committee on Armed Services United States Senate
The Honorable Adam Smith Chairman The Honorable Mike Rogers Ranking Member Committee on Armed Services House of Representatives
The cost of malicious cyber activity to the U.S. economy was between $57 billion and $109 billion in 2016, according to the White House Council of Economic Advisers.1 Since 1997, we have designated cybersecurity as a government-wide high-risk area, and U.S. businesses and other entities continue to face significant cybersecurity risks with the potential for large losses.2 Some members of Congress and others have raised questions about the availability, affordability, and stability of the cyber insurance market. Cyber insurance is a broad term for policies that cover liability and property losses from events adversely affecting electronic activities and systems.3
The National Defense Authorization Act for Fiscal Year 2021 includes a provision for us to review the state and availability of insurance coverage in the United States for cybersecurity risks.4 This report addresses (1) the
1Council of Economic Advisers, The Cost of Malicious Cyber Activity to the U.S. Economy (Washington, D.C.: February 2018).
2GAO, High Risk Series: Dedicated Leadership Needed to Address Limited Progress in Most High-Risk Areas, GAO-21-119SP (Washington, D.C: Mar. 2, 2021).
3More specifically, cyber insurance generally refers to policies that address first-party losses to a policyholder and third-party losses to a policyholder's client or customer as a result of an event that jeopardizes the confidentiality, integrity, and availability of an
information system.
4William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, Pub. L. No. 116-283, ? 9005, 134 Stat. 3388, 4777 (2021).
Page 1
GAO-21-477 Cyber Security Insurance
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- gao 21 477 cyber insurance insurers and policyholders face challenges
- information technology and cybersecurity funding white house
- ishares cybersecurity and tech etf
- the us national defense authorization act for fiscal year 2021
- 2021 cyber insurance market update gallagher
- in the c suite cyberwarfare 2021 report cybercrime magazine
- esg research report the life and times of cybersecurity professionals
- report on the cybersecurity insurance market national association of
- fy2021 federal cybersecurity r d strategic plan implementation nitrd
- top cybersecurity trends for 2021 and beyond homeland security affairs
Related searches
- auto insurance reviews and ratings
- permanent life insurance pros and cons
- nevada insurance laws and regulations
- life insurance reviews and ratings
- term life insurance ratings and rankings
- new york life insurance reviews and ratings
- frontline insurance reviews and complaints
- health insurance advantages and disadvantages
- life insurance 85 and older
- life insurance 80 and over
- health insurance terms and definitions
- before and after face lifts