Last month, Sen Hickenlooper (D,CO) introduced S 245, the Insure Cybersecurity Act of 2025. The bill would require the Department of Commerce to convene an interagency working grout to look at issues related to cyber insurance. Once a report from the working group is produced, DOC would be required to provide the public with “informative resources for cyber insurance stakeholder”. No funding is authorized by this bill.
The bill is very similar to S 513 that was introduced by Hickenlooper in January 2023. No action was taken on that bill. Significant changes were made in S 245, including adding the Federal Trade Commission and at least one State insurance regulator to the list of Working Group members. There were also numerous minor changes to the focus of listed activities for the Working Group.
Moving Forward
Both Hickenlooper and his sole cosponsor {Sen Capito (R,WV)} are both member of the Senate Commerce, Science and Transportation Committee to which this bill was assigned for consideration. This means that there should be sufficient influence to see the bill considered in Committee. I see nothing in the bill that would engender any significant opposition. I expect that the bill would receive bipartisan support.
The bill is not ‘important’ enough to be considered on the floor of the Senate under regular order. I suspect that the bill could be considered under the Senate’s unanimous consent process, but you never can tell what unrelated opposition could lead to an objection under that process.
Commentary
This bill makes no attempt at establishing any regulatory framework for cybersecurity insurance, which would probably be the death knell of bill currently containing such provisions. The crafters of this bill did do Congress a disservice, however, when they did not take advantage of this working group to outline what future regulation legislation might look like. I would have added the following subparagraph (K) to Section 3(c)(1):
(K) Identify any
regulatory frameworks that may have been proposed to govern the issuance of
cyber insurance.
For more details about the proposed legislation, see my article at CFSN Detailed Analysis - https://chemical-facility-security-news.blogspot.com/2025/02/review-s-245-introduced-insure.html [link added 2-6-25 11:50 pm EST] - subscription required.
Posts
No comments:
Post a Comment