New bill would give tax credits for cyber insurance

Rep. Ed Perlmutter (D-Colo.) introduced legislation this month to subsidize data breach insurance for businesses while encouraging practices that would keep them from ever having to use it. 

The Data Breach Insurance Act would offer a tax deduction of 15 percent of the cost of breach insurance.

Perlmutter said he has received positive feedback for the bill from both legislators and stakeholders.

“Using an incentive approach rather than a mandate gives this a much better chance of succeeding, both in the marketplace and in the Congress,” he said.  

The bill, he said, would promote breach protection for consumers on both the “front and back end.” The insurance rebate would only apply to policies that required companies to enact good cybersecurity practices, like those in the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

The NIST framework was explicitly developed as guidelines for good cybersecurity and was not intended to be used in regulations. It says its suggestions should be customized for the unique needs of any user.

Perlmutter said that flexibility will make it easier for insurers to tailor practices to meet specific industry needs and to adapt as threats change. 

Perlmutter’s bill comes at the same time as a groundbreaking RAND institute study suggesting that the cost of data breaches to companies is much lower than most people imagine — usually less than 0.4 percent of annual revenues. Media coverage of large breaches makes it seem like the cost to a business might be in the millions of dollars.

According to RAND, the number might be closer to an average of $200,000, around the cost of a yearly IT budget. As a result, it may be unrealistic to expect companies to invest considerably more in information security.

“That doesn’t mean there aren’t harms imposed on other people that the government has an interest in mitigating,” said policy researcher Sasha Romanosky, who conducted the study. 

Perlmutter said the bill was born out of some of those externalities. As a member of the House Finance Committee, he heard testimony from financial institutions about the costs to third parties from a breach.

“There is a cost to financial institutions of reproducing credit cards, sending out notices advising customers and the processes that go along with that. And there has been this tension between the financial institutions and the retailers as to who should bear the costs,” he said. 

“And that’s before even considering what happens when a hacker dips into someone’s bank account.”

Breaches, note Perlmutter and Romanosky, can also considerably impact customers. 

Romanosky says he came to a conclusion similar to Perlmutter's: that insurance companies might be the best way forward.

“I actually wrote the paper as a teaser to a follow up paper on insurance,” Romanosky said.

“The trick with insurance is the amount of data they will get through claims. They have insight into different liabilities — they are the ones best set up to gauge the costs and benefits of different actions.” 

