U.S. Rep. Ed Perlmutter (CO-07) introduced new legislation encouraging American businesses to fortify their systems and networks in an effort to mitigate the impact of cyber-attacks and data breaches.
The Data Breach Insurance Act (H.R. 6032) takes a two-prong approach, providing a fifteen percent tax credit to companies that purchase data breach insurance coverage and adopt the National Institute of Standards and Technology (NIST) Cybersecurity Framework or any other standard approved by the Secretary of the Treasury. The tax credit will help offset some of the costs associated with implementing the cyber frameworks, such as risk assessments, hardware/software upgrades, employee education, training, and vendor testing.
In 2014, there were 783 reported data breaches in the U.S., which exposed 85.6 million records, according to the Bipartisan Policy Center. The average cost of a data breach is now $3.8 million, up from $3.5 million a year ago, according to data security research organization Ponemon. And IBM estimates businesses are attacked an average of 16,856 times a year – or 46 attacks on every business every day, nearly two attacks an hour.
“Whether in the private sector or government sphere, hacks expose vulnerabilities and compromise our personal information including our financial records and identifications. They inconvenience our lives, requiring new credit cards, credit monitoring and ID theft protection, and they can cost companies their reputations and billions of dollars,” said Perlmutter. “As more and more businesses become targets of cyber-attacks, it is more important than ever for them to be protected. That’s why I’m introducing this legislation to help do more to prevent massive data breaches that compromise millions of Americans’ private and personal information.”
The Data Breach Insurance Act helps businesses realize the value proposition of purchasing data breach insurance and adopting the NIST Cybersecurity Framework as risk mitigation tools. Rep. Perlmutter said the legislation will also help develop a robust data breach and cyber liability insurance marketplace to help businesses cover legal and liability costs, costs of notifying affected consumers, business interruption, and settling cyber extortion threats, among others.
“With the adoption of a cybersecurity framework preventing breaches on the front end and insurance to protect businesses on the back end, this legislation provides a two-pronged approach helping businesses take the necessary steps to address this growing threat,” continued Perlmutter.
In response to Barack Obama’s Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, which was issued in 2013, NIST developed its Cybersecurity Framework with extensive private sector input and released it in February 2014. According to NIST, thirty percent of businesses currently use the Cybersecurity Framework to help manage their cyber risk.