Last week, Congressman Ed Perlmutter (D-CO) introduced the first bill in Congress pertaining to cyber insurance, The Data Breach Insurance Act (H.R. 6032). This legislation would provide a tax credit equal to 15 percent of their cyber insurance premiums to organizations that purchase this coverage and adopt the NIST Cybersecurity Framework. This “two-prong approach” will ideally increase companies’ cybersecurity defenses on the front-end, as well as help them recover from a cyber incident.
Additionally, the tax credit will help offset some of the costs associated with adopting the NIST cybersecurity framework: risk assessments, hardware/software upgrades, employee education and vendor testing, according to a recent press release. “With the adoption of a cybersecurity framework preventing breaches on the front end and insurance to protect businesses on the back end, this legislation provides a two-pronged approach helping businesses take the necessary steps to address this growing threat,” explained Perlmutter. The full text to H.R. 6032 can be found here.
In other news, the House passed a bill on Wednesday that would allow Small-Business Development Centers (SMBCs) to assist small business on cybersecurity matters. The Improving Small Business Cyber Security Act (H.R. 5064) will help solve the cyber “expertise gap” that small businesses face and will address the assertion that cybersecurity laws pertain to and unfairly assist larger businesses.
The bill was sponsored by Richard Hanna (NY-22) of the House Small Business Committee, which would take the role of increasing the number of cybersecurity programs offered by SMBCs. While Govtrack gives this bill a 36 percent chance of being enacted, President Barack Obama’s recent pressure to push focus on cybersecurity might help this bill become a reality. It is also important to note that the Department of Homeland Security (DHS) found that 31 percent of all cyber-attacks target small businesses. Nonetheless, 59 percent of SMEs still do not have a data breach response plan – a problem H.R. 5064 hopes to tackle.