Insure Cybersecurity Act of 2025
This bill requires the National Telecommunications and Information Administration (NTIA) to establish a working group on cyber insurance policies. Under the bill, these are defined as policies that offer coverage for losses, damages, and costs incurred due to cyberattacks and related incidents.
The working group is directed to analyze and address issues in the cyber insurance market facing both insurers and their customers. Specifically, the working group must develop information for customers on how to effectively evaluate policy options, and for insurers on how to clearly communicate with customers regarding policy provisions.
Additionally, the working group is directed to analyze and explain in layman’s terms
- terminology commonly used in cyber insurance policies, including terminology used to include or exclude coverage for losses from cyber incidents;
- how common policy provisions correspond to cyber incidents and potential responses, including ransomware and potential ransom payments; and
- constraints faced by insurers in covering higher losses in cyber risk areas, such as reputational damage and loss of intellectual property.
At the conclusion of the working group's term, NTIA must publish and disseminate informative resources for cyber insurance stakeholders, including any recommendations formulated by the working group.