Cybersecurity » TRIP May Not Cover Most Cyberattacks

TRIP May Not Cover Most Cyberattacks

A broken orange padlock over a tableau of zeros and ones.

July 5, 2022

The Government Accountability Office has issued a warning. The government’s Terrorism Risk Insurance Program (TRIP) cover cyberattacks if they can be considered “terrorism,” but “cyberattacks don’t necessarily meet the program’s criteria to be certified as terrorism. Attacks must be “violent or coercive in nature” to be certified, the GAO said. The question of how to label a cyberattack is central to insurability in the private market as well. For example, some of the most egregious attacks have been attributed to hostile governments rather than private actors, and several insurers have cited those attributions to avoid paying on policies that don’t cover “acts of war.” The GAO recommends that the Cybersecurity and Infrastructure Security Agency (CISA) work with the Director of the Federal Insurance Office to “produce a joint assessment for Congress on the extent to which the risks to the nation’s critical infrastructure from catastrophic cyberattacks, and the potential financial exposures resulting from these risks, warrant a federal insurance response.”

Share this post:

Find this article interesting?

Sign up for more with a complimentary subscription to Today’s General Counsel magazine.