White House Unveils New Cyber Insurance for Catastrophic Attacks

The White House is developing a new cyber insurance policy aimed at protecting against catastrophic cyber incidents. The new policy is expected to be unveiled by the end of the year, as announced by National Cyber Director Harry Coker at the Black Hat 2024 conference.

The objective of the new policy is to manage risks rather than avoid them, a necessity for stabilizing insurance markets and enhancing the nation’s cybersecurity posture. The U.S. government seeks to prepare for potential cyber incidents in advance, thereby avoiding the need for hasty emergency measures in the wake of a disaster. Such preparation is intended to bolster economic resilience and market confidence.

One of the primary challenges remains the lack of data for accurate risk assessment, an issue faced by actuaries—specialists who evaluate companies’ protection levels for insurance policies. Coker noted that efforts are currently focused on addressing this concern.

Although the specifics of the new policy have yet to be disclosed, ONCD representatives have confirmed that the current insurance market is inadequately prepared for catastrophic cyber incidents. Agencies are exploring various measures to improve national cybersecurity and ensure market stability.

The cyber insurance market has long been a subject of controversy. Experts argue that insurance payouts may inadvertently contribute to the rise in ransomware attacks, with some hackers even setting ransom amounts based on the victims’ insurance policies. Additionally, legal debates continue over the role of cyber insurance in the event of state-sponsored attacks.