b'TABLE OF CONTENTSIncreased Government Engagement state government entities from paying ransom demands. The list of covered entities is broad, Government action and engagement are likely toencompassing cities, public schools, and continue to serve as a key driver in the furthercommunity colleges. Over the past two years, development of the cyber insurance industry andlegislators in multiple states including New York, resolution of some of the outstanding ambiguitiesPennsylvania, and Texas have introduced that exist with respect to coverage. legislation to ban or limit ransom payments. The US federal government has been consideringCurrently, efforts have largely focused on ransoms the role that cyber insurance can play in mitigatingpaid by government entities or with government cybersecurity risks to the US economy and nationalfunds, but one New York bill sweeps far broader, security for yearsexploring a range of options forproposing to ban government entities, business improving the market for both insureds andentities or healthcare entities, from paying any insurers. Some of the approaches underransom demand. The extent to which these efforts consideration would likely be welcomed, whilegain traction could have a significant impact on others could be highly disruptive initially. how insureds and insurers structure cyber insurance policies as they relate to ransomware.At one end of the spectrum, some public officials have called for a prohibition on the facilitation ofBeyond requirements that could impact the way ransom payments. As many ransom payments areinsurers and insureds prepare for cyber incidents, ultimately made or reimbursed by insurers, such athe federal government has also taken steps to prohibition would have a major impact on thehelp the industry better understand the cyber insurance market. In 2021, Congressmanchallenges it faces and provide data that could Patrick McHenry (R-NC) introduced theimprove its products. For example, the US Ransomware and Financial Stability ActCyberspace Solarium Commission, a bipartisan (H.R.5936). This bill would prohibit coveredcommission established by Congress to develop a financial institutions from making any ransomcomprehensive strategy to defend the US from payment in excess of $100,000 without ansignificant attacks in cyberspace, included authorization from federal law enforcement.specific recommendations regarding cyber Although it would not apply directly to insuranceinsurance. Recommendation 4.4 called on companies, this approach reflects an increasinglyCongress to direct the Department of Homeland common view. Congressman Jim Langevin (D-RI), aSecurity to support a federally funded research co-founder of the Congressional Cybersecurityand development center to work with state-level Caucus has stated that [a]s the scourge ofregulators in developing certifications for ransomware continues to grow, all options must becybersecurity insurance products. The goals of on the table, including prohibiting ransomsuch a center would be to support the payments. The push for a prohibition also hasdevelopment of improved underwriting models support at the state level. North Carolina, forand claims adjuster training and certifications. In example, recently passed legislation prohibitingaddition, this center could collaborate both with MAYER BROWN |145'