Media Coverage
Source: Bloomberg BNA
Media Coverage
07.18.14
The failure to fully address the threat of cyberterrorism in the Terrorism Risk Insurance Act (TRIA) as its reauthorization was under consideration in Congress caused some concern among industry watchers and legal experts. The TRIA was first enacted in 2002 following the Sept. 11, 2001, terrorist attacks to aid in the recovery of the property insurance industry. (The 2001 attacks cost the industry almost $32 billion in losses.) The act provides financial support when a single terrorist attack triggers more than $100 million in claims.
What exactly constitutes a terrorist act is defined by a set of statutory criteria and certified by the Department of Treasury. The event must have been determined to be violent or otherwise dangerous to human life, and undertaken on behalf of a foreign person or interest “as part of an effort to coerce the civilian population of the United States or to influence the policy or affect the conduct of the United States Government by coercion.”
Still, for many, the law is conspicuous in what it fails to define. Brian Finch, a partner in the Washington, DC, office of Pillsbury Winthrop Shaw Pittman LLP, considers the fact the law doesn’t specifically mention or sufficiently define cyberterrorism as a potential source of liability for U.S. businesses.
“There are some strong arguments that cyberattacks resulting in physical damage should be covered under TRIA as it exists, but there is nothing definitive to that effect,” Finch said in the Bloomberg BNA article. “It would be good if it were clearer whether TRIA covers losses from such attacks, including claims for business interruption, financial losses and other types of liability.”
Without adequate coverage, Finch believe that “companies could be in grave financial danger if a significant cyber event occurs.”