The U.S. federal government has long debated using insurance as a tool to create incentives for better cybersecurity in the private sector, and has tried to prod the insurance industry to offer cyber coverage. Meanwhile, financial firms and industry groups have pushed the federal government to create a backstop for cyber insurance, arguing that the U.S. government is likely to end up footing the bill should a catastrophic cyber incident occur.
When catastrophes have occurred in other areas, Congress has enacted legislation to repair the damage and made efforts to prevent a similar incident from happening again. This pattern played out following 9/11, Hurricane Katrina, and the 2008 financial crisis, to varying degrees. Anticipating a catastrophic event in cyberspace, Rob argues that Congress should put in place a federal backstop for cyber insurance. Doing so would set expectations for the market and, if constructed properly, reduce the likelihood of a catastrophic cyber event by stimulating the adoption of best practices through insurance requirements and creating incentives to participate in programs that reduce risk for everyone connected to the internet.
You can find the full brief here.