What constitutes a cyber-terrorist attack and why doesn’t the reauthorization of the federal terrorism backstop have a cyber terrorism provision?
I’m not asking rhetorically. I don’t know the answer. I’m really asking.
Before getting to Advisen, I wrote about cyber risks plenty of times. But here at Advisen I’ve honed in on this specific risk for the last 5 months or so to get our Cyber Risk Network off the ground. And you know what? I’m terrified.
I’ve had my nose in too many reports not to be terrified. I’ve found a dangerously underpriced market underwriting cyber-related risk it has very little grasp of, if we’re all honest.
Aggregates are near impossible to assess unless someone I’ve yet to meet has a firm grasp of his or her carrier’s total exposure to a hacking of the cloud.
And what about cyber terrorism? Who are cyber terrorists? Are hacktivists included? Do I dare ask how much damage there can be from a cyber-terrorist attack on our energy infrastructure, for instance.
ALSO READ: “Cyber Terror” by William L. Tafoya
Now would seem an appropriate time to address this issue and define terms as Congress mulls the reauthorization of the Terrorism Risk Insurance Act — first enacted in 2002 following 9/11 and reauthorized in 2005 and 2007. It is set to expire on December 31. This federal backstop kicks in after a certified terrorist attack, which is a shady classification since the Boston Marathon bombings were not a certified terrorist attack (It didn’t meet certain property damage thresholds to trigger federal coverage anyway).
The US Senate Committee on Banking, Housing and Urban Affairs recently put forth a bill to reauthorize the act, but there is a lot of work to be done — to the actual language in the bill (Insurers are worried about an increase in retentions before federal assistance kicks in, for one.) and on the lobbying front (Congress is an election year and the bill’s lead sponsor, Rep. Michael Grimm, R-NY, was recently indicted on federal fraud and tax charges).
The highest levels of government have recognized and called out cyber-terrorism risk, putting together specialized task forces, working groups and studies. They’ve warned us the day will come. We will be attacked in this manner.
And for the same reasons it is difficult to insure other terrorism risks — it’s tough to predict or model human behavior — cyber terrorism should be included within TRIA.
This threat is real — certainly as real as the potential damage from other acts of terrorism addressed within the bill.
Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalist experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].
