To require the Assistant Secretary of Commerce for Communications and Information to establish a working group on cyber insurance, to require dissemination of informative resources for issuers and customers of cyber insurance, and for other purposes.
Summary
What This Bill Does
The bill defines cyber insurance terms, directs the Assistant Secretary of Commerce for Communications and Information to chair a working group with CISA, NIST, Treasury, Justice, FTC, and a state insurance regulator, and requires the group to produce understandable analysis of policy language, coverage for ransomware and system recovery, exclusions, data gaps, and market constraints. NTIA must then publish resources on its website and promote them to industry stakeholders and the public.
Who Benefits and How
Cyber insurance customers benefit because policy terms, coverage limits, ransomware provisions, and exclusions must be explained in understandable resources. Cyber insurance issuers benefit from federal resources on clear communication and possible improvements to actuarial and cyber-risk data. Small businesses benefit from better information for evaluating the type and level of cyber coverage they need. Insurance agents and brokers benefit from guidance and examples they can use when explaining policy provisions. Critical infrastructure operators benefit from clearer cyber-insurance information tied to common cyber incidents and recovery needs.
Who Bears the Burden and How
The Assistant Secretary of Commerce for Communications and Information must establish and chair the working group within 90 days. CISA, NIST, Treasury, Justice, FTC, and a state insurance regulator must participate in the working group. NTIA staff must publish resources, include case studies, and conduct outreach after the working group report. Cyber insurance issuers must provide input on market constraints, data needs, and coverage barriers.
Key Provisions
- Defines cyber insurance, cyber incidents, customers, issuers, policies, critical infrastructure, small businesses, and the working group.
- Creates a cyber-insurance working group chaired by NTIA with CISA, NIST, Treasury, Justice, FTC, and state-insurance-regulator participation.
- Requires analysis of policy terminology, ransomware and system-recovery coverage, exclusions, higher-loss coverage constraints, and data gaps.
- Requires NTIA to publish resources for issuers, agents, brokers, customers, industry stakeholders, and the public.
- Clarifies that the published resources are informative and not mandatory for cyber-insurance stakeholders.
Evidence Chain:
This summary is generated from the full bill text using AI analysis. Expand "Detailed Analysis" below for identified beneficiaries/burden bearers with clause-level evidence links.
At a Glance
What This Bill Does
Requires NTIA to establish a cyber-insurance working group with federal agencies and a state insurance regulator, then publish customer- and issuer-facing resources explaining cyber-insurance policy terms, incident coverage, exclusions, ransom-payment issues, data needs, and coverage constraints.
Key Policy Areas
Cybersecurity, Insurance, Commerce
Primary Purpose
Requires NTIA to establish a cyber-insurance working group with federal agencies and a state insurance regulator, then publish customer- and issuer-facing resources explaining cyber-insurance policy terms, incident coverage, exclusions, ransom-payment issues, data needs, and coverage constraints.
Policy Domains
Bill provisions
Identified Gains
- Cyber insurance customers
- Cyber insurance issuers
- Small businesses
- Insurance agents
- Insurance brokers
- Critical infrastructure operators
Identified Costs
- Assistant Secretary of Commerce for Communications and Information
- CISA
- NIST
- Treasury Department
- Justice Department
- Federal Trade Commission
- NTIA staff
Sponsors
Legislative Progress
ReportedReported by Mr. Cruz, without amendment
Mr. Hickenlooper (for himself and Mrs. Capito) introduced the following …
Stakeholder Effects
cui bono?How this legislation distributes effects. Mention counts reflect frequency, not effect magnitude.
Cyber insurance customers, Cyber insurance issuers
Bill Structure & Actor Mappings
Who is "The Secretary" in each section?
- "assistant_secretary"
- → Assistant Secretary of Commerce for Communications and Information
We use a combination of our own taxonomy and classification in addition to large language models to assess meaning and potential beneficiaries. High confidence means strong textual evidence. Always verify with the original bill text.
Learn more about our methodology