Argue

Federal Contractors Argue Cyber Insurance Isn’t a Safe Bet for Better Security

A broad range of federal contractors fear a watchdog report on the government’s role facilitating coverage of cybersecurity risks—included in the House-passed National Defense Authorization Act—will lead to a mandate that their companies hold related insurance policies.

In a recent letter to leaders of the House and Senate Armed Services committees, the Professional Services Council opposed a provision in the House bill calling for the Government Accountability Office to produce recommendations after studying the state of the insurance industry and the extent to which it’s tied to minimum standards for cybersecurity.

The provision—Sec. 1710A—doesn’t require federal contractors to have cyber insurance policies, but it is grouped together in the letter with a number of other proposals around cyber threat hunting and intelligence sharing that are based on recommendations of the public-private, nonpartisan, congressionally established Cyberspace Solarium Commission. 

The commission’s lawmakers—who represent the political spectrum—are trying to get as many of its recommendations as possible to survive conference negotiations and make it into the final annual defense authorization bill.  

“PSC appreciates the extensive work of the Cyberspace Solarium Commission and believes that the report and many of its recommendations will significantly improve cybersecurity and cyber hygiene,” the group wrote. “That said, the inclusion of these specific provisions would require significant contractor community investments while providing few if any benefits to cybersecurity.” 

The commission proposes a whole new ecosystem of government and government-adjacent structures based on its preference for financial incentives instead of regulatory mandates. For at least a decade, policy makers on both sides of the aisle have posited that given a boost, cybersecurity insurance could perform the same role of government regulations in improving organizations’ cybersecurity practices. One way they saw of helping the market along, then and now, is to use the government’s purchasing power. 

“Insurers will require a

Continue Reading