The Treasury Department published a guidance notice in tomorrow’s Federal Register (81 FR 95312-95313) concerning the application of the Terrorism Risk Insurance Program (TRIP) to certain forms of stand-alone cyber liability insurance policies under provisions of Terrorism Risk
Insurance Act (TRIA) of 2002, as amended.
There have been concerns about whether or not cyber liability insurance policies are covered under the TRIP. In general, as of January 1st, 2017 “policies reported for state regulatory purposes under the Cyber Liability sub-line on Line 17—Other Liability of the NAIC's Exhibit of Premiums and Losses (commonly known as Statutory Page 14) are considered “property and casualty insurance” under TRIA.”
As expected with anything deal with insurance, there are some caveats to that general guidance. For existing policies, those cyber liability policies are covered so long as:
• The insurer offered coverage for insured losses subject to the required disclosures under 31 CFR 50 Subpart B; or
• The insurer demonstrates that the appropriate disclosures were provided to the policyholder before the date of any certification of an act of terrorism.
As of April 1st, 2017, any new cyber liability policies will have to include those required disclosures when issued for the insurance to be covered under TRIP.
Having sold insurance for a short while a large number of years ago (which makes me as qualified to advise about insurance as I am about legal matters – NOT), I know that details make a great deal of difference. If you want to ensure that your cyber liability insurance is covered under TRIP, get something in writing from the insurance company stating that your policy conforms to the guidance provided in tomorrow’s Federal Register. And then, get it reviewed by an insurance lawyer.