GAO Cyber Threats Study (TRIA)

Photo by NeONBRAND on Unsplash

First Published February 5, 2020

The recent extension of the federal Terrorism Risk Insurance Act (TRIA) mandates GAO to undertake an assessment of how the cyber exposure is treated under the existing program and whether TRIA should be expanded to include a wider range of cyber events.

The Centers for Better Insurance is proposing a constructive framework as a way GAO may wish to approach this report. Specifically, the attached framework examines:

• The current cyber insurance market
• The types of cyber events that could be considered for inclusion in the program
• The nature of a meaningful cyber make available requirement
• Challenges with the current backstop structure

While TRIA is probably not the right fit for a broader cyber program, it does serve as a useful jumping off point for industry, policyholders, state insurance regulators and other stakeholders to consider lessons learned from the terrorism insurance experience.