RIMS Letter to Federal Insurance Office Supports the Development of a Cyber Insurance Backstop

Cybersecurity Controls and Program Scope Critical to an Effective Federal Cyber Solution

November 21, 2022

NEW YORK (November 21, 2022)RIMS, the risk management society®, issued a comment letter to the Federal Insurance Office (FIO) in response to legislative dialogue regarding a federal backstop for large-scale catastrophic cyber incidents impacting infrastructure. RIMS letter addressing the “Potential Federal Insurance Response to Catastrophic Cyber Incidents” as published in the Federal Register (87 FR 59161 et seq.) is available here.

RIMS indicates that risk professionals would likely support a well-crafted federal cyber insurance backstop, however, the following concerns should be considered when developing a solution:

  • Determining whether the scope of the federal backstop should be limited to critical infrastructure or available to all organizations in light of an incident’s cascading impact;
  • If the backstop imposes cybersecurity controls, ensuring those controls align with existing external standards such as those issued by NIST or ISO;
  • Examining whether the federal cyber insurance response should be included in The Terrorism Risk Insurance Program (TRIP) or be kept independent.

“Cyber threats, and the devastation a cyber incident can have on an organization, consumers and systems, remain the top concern for risk management professionals around the globe,” said RIMS Chief Executive Officer Gary A. LaBranche, FASAE, CAE. “RIMS looks forward to working with federal policymakers to successfully develop a solution that provides greater financial protections for cyber events, paving the way for risk professionals to continue to make the world safer, more secure and more sustainable.”

According to the Federal Register notice of potential rulemaking: “Over the past several years, the Federal Insurance Office in the U.S. Department of the Treasury has continued its ongoing efforts with regard to both cyber insurance and insurer cybersecurity. Cyber insurance is a significant risk-transfer mechanism, and the insurance industry has an important role to play in strengthening cyber hygiene and building resiliency.”

RIMS will continue to monitor the development of a federal insurance backstop for catastrophic cyber incidents, as well as any new, evolving, and expiring legislation that impacts the global risk management community. For more information about RIMS advocacy initiatives, visit www.RIMS.org/advocacy.

Additionally, the RIMS Political Action Committee (RISK PAC) continues to solicit contributions to allow the Society to engage and support Members of Congress who have demonstrated their commitment to RIMS legislative priorities. To learn more about RISK PAC or to donate, visit www.riskpac.org

About RIMS
RIMS, the risk management society®️, empowers risk professionals to make the world safer, more secure, and more sustainable. Through networking, professional development, certification, advocacy, and research, RIMS and its 80 chapters serves more than 200,000 risk practitioners and business leaders from over 75 countries. Founded in 1950, the Society publishes the award-winning Risk Management Magazine and produces RISKWORLD®️, the largest annual gathering of global risk professionals. RIMS embraces diversity, equity and inclusion and welcomes all risk professionals to connect and learn, explore the online Risk Knowledge library, tune into the RIMScast podcast series, and engage via LinkedInTwitter, and Facebook. To learn more, visit www.RIMS.org.

 # # #

For more information, contact:

Josh Salter, Director of Communications, (212) 655-6059 or JSalter@rims.org

About RIMS

As the preeminent organization dedicated to promoting the profession of risk management, RIMS, the risk management society®, is a global not-for-profit organization representing more than 3,500 industrial, service, nonprofit, charitable and government entities throughout the world. Founded in 1950, RIMS is committed to advancing risk management capabilities for organizational success, bringing networking, professional development and education opportunities to its membership of more than 10,000 risk management professionals who are located in more than 60 countries. For more information on RIMS, visit www.RIMS.org

About Us