The Treasury Department’s Federal Insurance Office (FIO) is looking for feedback through a request for information (RFI) on whether or not the Federal government should offer insurance for “catastrophic” cyber incidents.
The RFI comes in response to a recommendation by the Government Accountability Office (GAO) that FIO and the Cybersecurity and Infrastructure Security Agency (CISA) work together to determine the extent to which the risks to U.S. critical infrastructure from cyberattacks warrant a Federal insurance response.
FIO and CISA have both agreed to conduct the assessment and are also coordinating with the Office of the National Cyber Director on the project.
“Consistent with the U.S. Government Accountability Office’s recommendation, we look forward to receiving stakeholder input from this request for information on a potential Federal insurance response to catastrophic cyber incidents,” U.S. Assistant Secretary for the Treasury for Financial Institutions Graham Steele said in a press release.
Through the RFI, FIO hopes to gather comments on the risks of cyber incidents to U.S. critical infrastructure and existing private market insurance protection for those risks. Additionally, FIO wants to know if a Federal insurance response is needed, and if so, how the response should be structured.
FIO said it has increased its data collection in this area with regard to the Terrorism Risk Insurance Program (TRIP). The agency plans to look at Federal insurance responses outside of TRIP, but will also consider “how potential responses could interact with, or be part of, TRIP.”
“State and Federal governments have responded in a variety of ways to situations in which the private market is unable to provide sufficient or affordable insurance, and FIO seeks input on a wide range of options and potential response structures,” the RFI says.
Comments are due by Nov. 14.