S245-119

Reported

To require the Assistant Secretary of Commerce for Communications and Information to establish a working group on cyber insurance, to require dissemination of informative resources for issuers and customers of cyber insurance, and for other purposes.

119th Congress Introduced Jan 24, 2025

Summary

What This Bill Does

The bill defines cyber insurance terms, directs the Assistant Secretary of Commerce for Communications and Information to chair a working group with CISA, NIST, Treasury, Justice, FTC, and a state insurance regulator, and requires the group to produce understandable analysis of policy language, coverage for ransomware and system recovery, exclusions, data gaps, and market constraints. NTIA must then publish resources on its website and promote them to industry stakeholders and the public.

Who Benefits and How

Cyber insurance customers benefit because policy terms, coverage limits, ransomware provisions, and exclusions must be explained in understandable resources. Cyber insurance issuers benefit from federal resources on clear communication and possible improvements to actuarial and cyber-risk data. Small businesses benefit from better information for evaluating the type and level of cyber coverage they need. Insurance agents and brokers benefit from guidance and examples they can use when explaining policy provisions. Critical infrastructure operators benefit from clearer cyber-insurance information tied to common cyber incidents and recovery needs.

Who Bears the Burden and How

The Assistant Secretary of Commerce for Communications and Information must establish and chair the working group within 90 days. CISA, NIST, Treasury, Justice, FTC, and a state insurance regulator must participate in the working group. NTIA staff must publish resources, include case studies, and conduct outreach after the working group report. Cyber insurance issuers must provide input on market constraints, data needs, and coverage barriers.

Key Provisions

  • Defines cyber insurance, cyber incidents, customers, issuers, policies, critical infrastructure, small businesses, and the working group.
  • Creates a cyber-insurance working group chaired by NTIA with CISA, NIST, Treasury, Justice, FTC, and state-insurance-regulator participation.
  • Requires analysis of policy terminology, ransomware and system-recovery coverage, exclusions, higher-loss coverage constraints, and data gaps.
  • Requires NTIA to publish resources for issuers, agents, brokers, customers, industry stakeholders, and the public.
  • Clarifies that the published resources are informative and not mandatory for cyber-insurance stakeholders.

Evidence Chain:

This summary is generated from the full bill text using AI analysis. Expand "Detailed Analysis" below for identified beneficiaries/burden bearers with clause-level evidence links.

At a Glance

What This Bill Does

Requires NTIA to establish a cyber-insurance working group with federal agencies and a state insurance regulator, then publish customer- and issuer-facing resources explaining cyber-insurance policy terms, incident coverage, exclusions, ransom-payment issues, data needs, and coverage constraints.

Key Policy Areas

Cybersecurity, Insurance, Commerce

Primary Purpose

Requires NTIA to establish a cyber-insurance working group with federal agencies and a state insurance regulator, then publish customer- and issuer-facing resources explaining cyber-insurance policy terms, incident coverage, exclusions, ransom-payment issues, data needs, and coverage constraints.

Policy Domains

Cybersecurity Insurance Commerce

Bill provisions

Identified Gains
  • Cyber insurance customers
  • Cyber insurance issuers
  • Small businesses
  • Insurance agents
  • Insurance brokers
  • Critical infrastructure operators
Model: codex-gpt-5 | Version: bill_summary_v2 | Source: is
Insurance agents: , ,
Small businesses: , ,
Insurance brokers: , ,
Cyber insurance issuers: , ,
Cyber insurance customers: , ,
Critical infrastructure operators: , ,
Identified Costs
  • Assistant Secretary of Commerce for Communications and Information
  • CISA
  • NIST
  • Treasury Department
  • Justice Department
  • Federal Trade Commission
  • NTIA staff
Model: codex-gpt-5 | Version: bill_summary_v2 | Source: is
CISA: , ,
NIST: , ,
NTIA staff: , ,
Justice Department: , ,
Treasury Department: , ,
Federal Trade Commission: , ,
Assistant Secretary of Commerce for Communications and Information: , ,

Legislative Progress

Reported
Introduced Committee Passed
Jun 9, 2025

Reported by Mr. Cruz, without amendment

Jan 24, 2025

Mr. Hickenlooper (for himself and Mrs. Capito) introduced the following …

Stakeholder Effects

cui bono?

How this legislation distributes effects. Mention counts reflect frequency, not effect magnitude.

Financial Services
6 mentions across 3 clauses
+6 positive

Cyber insurance customers, Cyber insurance issuers

Government
6 mentions across 3 clauses
-6 negative

Federal Trade Commission, NTIA staff

Small Business
3 mentions across 3 clauses
+3 positive

Small businesses

3/4
sections analyzed
Full impact breakdown

Bill Structure & Actor Mappings

Who is "The Secretary" in each section?

Domains
Cybersecurity Insurance Commerce
Actor Mappings
"assistant_secretary"
→ Assistant Secretary of Commerce for Communications and Information

We use a combination of our own taxonomy and classification in addition to large language models to assess meaning and potential beneficiaries. High confidence means strong textual evidence. Always verify with the original bill text.

Learn more about our methodology