From: Insurance Journal
By Molly E. Lang and John F. Mullen
The insurance industry will count on the Terrorism Risk Insurance Program (Program) if there is a terrorist strike on the United States, but will the Program respond if the act of terrorism is a cyber event?
Cyber terrorism is an emerging threat to be considered as debate surrounding the modernization and reauthorization of the Program intensifies. The Terrorism Risk Insurance Act (TRIA) of 2002 established the Program, which has been reauthorized twice, most recently by the Terrorism Risk Insurance Program Reauthorization Extension Act of 2007. While the Program provides a federal backstop for catastrophic terrorism events — above $100 million in losses — many have argued that whether and the extent to which it covers cyber terrorism is not entirely clear.
Fortunately, the Program, currently scheduled to expire on Dec. 31, 2014, has never been put to the test. As former Secretary of Homeland Security, Janet Napolitano, cautioned in her recent farewell address, the U.S. will “at some point, face a major cyber event that will have a serious effect on our lives, our economy and the everyday functioning of our society.” But questions remain regarding whether the federal backstop would be implicated if a cyber attack is considered terrorism.
TRIA requires certain commercial property and casualty insurers to make terrorism coverage available on terms similar to non-terrorism coverage. As set forth in the existing iteration of TRIA, the term “act of terrorism” means any act that is certified by the Treasury Secretary, in concurrence with the Secretary of State and the Attorney General.
Cyber Terrorism
It is certainly fathomable that an act of cyber terrorism could result in losses exceeding $100 million. What is not as evident is whether cyber terrorism would fall squarely into the requirement of being an act that is dangerous to human life, property or infrastructure. An additional concern is that TRIA’s geographic limitations do not realistically address the potential impact of a cyber terrorist attack.
A conference committee report from 2002 suggests that the original version of TRIA was intended to apply to cyber terrorism coverage. But what if damage resulting from a cyber event is not covered under the primary policy? Most commercial liability policies would not respond to an act of cyber terrorism. There would be questions about whether there is coverage for damage to networks or electronic data and systems.
The cyber liability policy market is relatively new, and the scope of coverage provided is developing. To the extent a cyber event is not covered under an underlying cyber policy, TRIA may not be implicated for cyber terrorism.
Some interested parties have suggested that damages resulting from cyber acts of terrorism falling under TRIA-covered lines of insurance may be covered by the act, but the Program has gaps to the extent cyber insurance is written as professional liability or another line that is not TRIA-covered. Others contend that clarifying TRIA’s application in the event of a massive cyber attack would encourage additional capacity in the cyber insurance market.
The Federal Insurance Office (FIO), which has been tasked with assisting the Treasury Secretary in administering the Program, is aware of the threats of cyber attacks and the potential implications on the insurance industry.
Any new or renewed policies reported as standaloneCyber Liability insurance must include disclosures slope unblocked and offers that comply with TRIA and the TRIA program regulations.
I believe that when it comes to the internet, it’s better to make sure that your files and documents are managed safely, otherwise it can lead to data leakage. That’s why I prefer working with reliable software by the link, and I have no idea how people can share and edit their documents without making sure that everything is secured the right way.