During a House Homeland Security Committee hearing last week, Rep. Andrew Garbarino (R-NY) questioned witnesses about cyber insurance.
Fuel your success with Forbes. Gain unlimited access to premium journalism, including breaking news, groundbreaking in-depth reported stories, daily digests and more. Plus, members get a front-row seat at members-only events with leading thinkers and doers, access to premium video that can help you get ahead, an ad-light experience, early access to select products including NFT drops and more:
https://account.forbes.com/membership/?utm_source=youtube&utm_medium=display&utm_campaign=growth_non-sub_paid_subscribe_ytdescript
Stay Connected
Forbes on Facebook: http://fb.com/forbes
Forbes Video on Twitter: http://www.twitter.com/forbes
Forbes Video on Instagram: http://instagram.com/forbes
More From Forbes: http://forbes.com
Fuel your success with Forbes. Gain unlimited access to premium journalism, including breaking news, groundbreaking in-depth reported stories, daily digests and more. Plus, members get a front-row seat at members-only events with leading thinkers and doers, access to premium video that can help you get ahead, an ad-light experience, early access to select products including NFT drops and more:
https://account.forbes.com/membership/?utm_source=youtube&utm_medium=display&utm_campaign=growth_non-sub_paid_subscribe_ytdescript
Stay Connected
Forbes on Facebook: http://fb.com/forbes
Forbes Video on Twitter: http://www.twitter.com/forbes
Forbes Video on Instagram: http://instagram.com/forbes
More From Forbes: http://forbes.com
Category
🗞
NewsTranscript
00:00Recognize myself now for five minutes of questioning. Mr. McCabe, you look like
00:06you were jumping out of your seat when Mr. Swalwell asked Mr. Kudel the question
00:09about standardization and I wanted to let you know whether the federal
00:13government should get involved or not because you know insurance is usually
00:16it's a state issue. We let each state come up with their own rules and it's
00:20governed by the state. So you know what was your response to that question?
00:24I was just leaning in to hear the question. But you know I understand the
00:31issue around standardizing language. I mean when the policies are written
00:35differently and it's not your nine-to-five job to review cyber
00:39insurance policies it could be confusing one to the other. I can confirm that
00:44there's a wide amount of overlap for every cyber insurance policy. They
00:48largely cover the same thing. They largely have the same exclusions. A lot
00:53of the language is very common. The one thing about standardization that
00:57doesn't make me feel particularly good is it's still an emerging line of
01:01coverage. There's still a point of innovation where carriers are coming out
01:06and trying to figure out how they want to address the risk. They're coming up
01:10that there is a very innovative approach by one carrier where they've defined a
01:14widespread event that's going to have many of their insureds impacted. They
01:20will provide full limits for that event but why they do it is they design their
01:25own exposure mitigation behind it. So they're thinking through what their
01:30aggregation risks are and sometimes that language is going to be reflected in how
01:34they write the policy and you would hate to see some kind of very regulatory
01:39effort to stymie that. This is just a follow-up question because if we do if
01:47there is somehow I know some people have said federal backstop. I'm not
01:52saying that's the answer and I don't know how people want to get into that
01:56today but if the federal government does do a backstop should we should and again
02:01I'm a huge proponent of states doing insurance. I do not want us taking over
02:06the federal government taking over any sort of insurance policy or it really
02:13but if we do have a backstop how much I'm a screw you can jump in on this too
02:17how much should we be involved though in in the issuing of policies in the what
02:26should we what should our if we're gonna if we're gonna get involved with the
02:29with the with the money what else should we get involved with? Thank you for the
02:35question I can jump on it. We had two examples today TRIA as well as
02:41NFIP. I mean they designed for different purposes and the involvement of
02:47government in private sector. You know to the extent the issue private cyber
02:54insurance market has the limitations it's really the lack in the coverage
02:59primarily into the the realm of a catastrophic risk trade and although we
03:06have new players coming into ILS and reinsurance market recently that market
03:12is still maturing. It's not there good enough. We would my personal opinion is a
03:22government reinsurance facility that structured somewhat like TRIA is
03:29probably a much better line approach so that the government does not have to sit
03:34in as a insurer alongside other insurance like the NFIP does. Although
03:40NFIP program has an amazing risk management practices and codes there's
03:46obviously best of the both but most of the limitation on the primary cyber
03:52market is because of a lack of mature maturity into the catastrophic risk
04:01trade really. Any other witnesses? I just would resist any kind of framing that
04:08said the backstop is about what we need to do for insurance companies because
04:13that's not true at all. So insurance policies contain a war
04:18exclusion for nation-state attacks and they contain exclusions about disabling
04:23disrupting critical infrastructure and the thought is that if we're gonna have
04:27this big of a catastrophic event it's gonna trigger one of these two
04:30exclusions and the insurance carriers are not going to have to pay on those
04:34losses. That's their way of managing their exposure. What the backstop is
04:39about are the companies that are going to be left with that risk on their own
04:44books and how is the government going to help those small and medium-sized and
04:48large businesses that are going to be impacted. It's a US economic security
04:52problem. Absolutely look we've seen you know colonial pipeline change health
04:59care we've seen a these are small compared to what we're talking about
05:02today. I mean this is what what you know and I'm gonna follow up I'm gonna do a
05:07second round of question but this is we're talking about things that people
05:12aren't even expecting and I know Mrs. Lewis you made the comment about we got
05:16a we might have to go on the offense against some of our and that's something
05:19mr. Jimenez loves to talk about I wish he was here so we could talk about it
05:23further but yeah this is not you know people think of cyber attacks here that
05:30they think of colonial pipeline they could change those that's just that's
05:33nothing compared to what what could actually happen and where this would
05:37really trigger so I'm gonna go come around for a second question but I know
05:40I'm out for this time so I'm gonna represent my friend from Mississippi
05:43Mr. Zell for five minutes of questions. Thank you Mr. Chairman and thank you all
05:47for being here today and discussing this and thank you