Insure Cybersecurity Act of 2025
Insure Cybersecurity Act of 2025
Plain Language Summary
# Insure Cybersecurity Act of 2025 - Plain Language Summary **What It Does:** This bill would direct the federal government (specifically the National Telecommunications and Information Administration) to create a working group focused on improving the cyber insurance market. The group would work on making cyber insurance policies clearer and easier to understand for both regular customers and insurance companies. It would develop plain-language guides explaining confusing insurance terms and help people understand what different policies actually cover when cyberattacks happen. **Who It Affects:** This bill would impact businesses and individuals who buy cyber insurance (insurance that covers financial losses from hacking, ransomware, and other digital attacks), as well as insurance companies that sell these policies.
It could also affect government agencies involved in overseeing insurance and cybersecurity. **Current Status:** The bill was introduced by Senator John Hickenlooper (D-Colorado) in the 119th Congress and is currently sitting in committee, meaning it hasn't been debated or voted on by the full Senate yet. The bill is focused on improving transparency and communication in the cyber insurance industry rather than creating new regulations or requirements.
CRS Official Summary
Insure Cybersecurity Act of 2025This bill requires the National Telecommunications and Information Administration (NTIA) to establish a working group on cyber insurance policies. Under the bill, these are defined as policies that offer coverage for losses, damages, and costs incurred due to cyberattacks and related incidents.The working group is directed to analyze and address issues in the cyber insurance market facing both insurers and their customers. Specifically, the working group must develop information for customers on how to effectively evaluate policy options, and for insurers on how to clearly communicate with customers regarding policy provisions.Additionally, the working group is directed to analyze and explain in layman’s termsterminology commonly used in cyber insurance policies, including terminology used to include or exclude coverage for losses from cyber incidents;how common policy provisions correspond to cyber incidents and potential responses, including ransomware and potential ransom payments; andconstraints faced by insurers in covering higher losses in cyber risk areas, such as reputational damage and loss of intellectual property.At the conclusion of the working group's term, NTIA must publish and disseminate informative resources for cyber insurance stakeholders, including any recommendations formulated by the working group.
Latest Action
Placed on Senate Legislative Calendar under General Orders. Calendar No. 90.