Congresswoman Promotes Cyber Insurance Amid Shifting Policy Landscape

A spokeswoman for Alice Slotkina, N.C., urged critical infrastructure facilities to consider obtaining cyber insurance in preparation for ransomware attacks, even though she acknowledged that it could be a challenge for those with fewer resources.

“We know that small and medium-sized businesses, small and medium-sized governments do not have firms that take care of everything for them,” she said, opening a hearing on Tuesday in the commission on intelligence and counter-terrorism. “Not everyone can afford cybersecurity insurance, which I urge all leaders to pay attention to.”

Slotkin heads the subcommittee. Her comments come amid concerns from her constituents, to whom she addressed at field hearings in her state, and as a Government accountable reports restrictions on both the private cyber insurance industry and the Ministry of Finance’s terrorism insurance program to eliminate the potential cascading effects of a cyber attack.

GAO invited the Treasury to work with the Cybersecurity and Infrastructure Security Agency in a congressional report on the essence of creating a federal cyber insurance program.

Giving testimony to the subcommittee, the Department of Homeland Security’s cybersecurity staff did not confirm Slotkin’s promotion of current cyber insurance options as an indisputable benefit to organizations.

“Several years ago, one of our local infrastructure authorities paid $ 25,000 as a ransom to unlock their intercom system. In addition, the response to the attack cost them $ 2.4 million, ”said Slotkin, citing the question of Matt Hartmann, CISA’s deputy executive director for cybersecurity. “Fortunately, the attack did not disrupt our power grid or our water distribution networks, and they had insurance that provided protection against grid failure.”

Slotkin cited another example, saying that a small town demanded a ransom of $ 40,000, “fortunately they had insurance, otherwise it would have to be borne by the local government, which simply cannot afford it.”

“There are many organizations that don’t have this insurance, that don’t have this pillow … Tell me, what can you do for our smallest businesses and who do they call when they come to work and have a problem?” She asked.

Hartman identified key cybersecurity measures that organizations should actively pursue, and stressed the importance of contacting CISA.

Also testifying in the subcommittee, Iranga Kahangama, Assistant Secretary for Cyber, Infrastructure, Risk and Sustainability Policy in the Office of Strategies, Policies and Plans DHS, said that issuing a cyber insurance policy could even make the organization a more attractive target for cybercriminals.

“They will conduct market research on victims who can afford it [a ransom]”Kahangama said, listing other factors, such as determining the ideal time to attack – when organizations need their systems the most. “They will look at people who have cyber insurance to see if they are more receptive to payment [the ransom]».