The idea that a vibrant insurance market could be an industry-friendly cybersecurity solution may be based on a flawed assumption.
A broad range of federal contractors fear a watchdog report on the government’s role in facilitating coverage of cybersecurity risks — included in the House-passed National Defense Authorization Act — will lead to a mandate that their companies hold related insurance policies.
In a recent letter to leaders of the House and Senate Armed Services committees, the Professional Services Council (PSC) opposed a provision in the House bill calling for the Government Accountability Office to produce recommendations after studying the state of the insurance industry and the extent to which it’s tied to minimum standards for cybersecurity.
The provision — Sec. 1710A — doesn’t require federal contractors to have cyber insurance policies, but it is grouped together in the letter with a number of other proposals around cyber threat hunting and intelligence sharing that are based on recommendations of the public-private, nonpartisan, congressionally established Cyberspace Solarium Commission.
The commission’s lawmakers — who represent the political spectrum — are trying to get as many of its recommendations as possible to survive conference negotiations and make it into the final annual defense authorization bill.