A House lawmaker's proposal to give a tax credit to companies that purchase data breach insurance and implement a widely respected cybersecurity framework is likely to win backing for its approach of encouraging rather than requiring robust protections, but questions about how strong safeguards will actually need to be are likely to raise roadblocks.
Building on the wealth of legislative and regulatory proposals floated in recent years to combat the growing spate of cyberattacks that have hit businesses in a range of sectors, Rep. Kevin Perlmutter, D-Colo., on Thursday floated H.R. 6032, the Data Breach Insurance Act.
However, unlike the vast majority of its predecessors — including tough cybersecurity rules for financial institutions proposed by the New York Department of Financial Services last week — Perlmutter's bill doesn't mandate compliance, but instead proposes to give a 15 percent tax credit to companies that purchase data breach insurance coverage and adopt the National Institute of Standards and Technology's voluntary cybersecurity framework.
Given that both lawmakers and regulators have tended to take more of a "stick" rather than a "carrot" approach to cybersecurity to date, this shift is not only likely to win favor among businesses but could also help to improve their cybersecurity posture in general, attorneys say.
"If taxpayers are indirectly subsidizing these security measures, then one certainly hopes the insurance product is going to deliver and it's not going to be business as usual with either policyholders not protecting their systems as well as they should, or having insurance companies take kind of an unduly narrow interpretation of cyber insurance and start fighting claims," Anderson Kill PC shareholder Joshua Gold said.