This month, Rep. Ed Perlmutter (D-CO) introduced a new bill, H.R. 6032, the Data Breach Insurance Act. The bill would provide a 15 percent tax deduction on premium paid for businesses that purchase data breach insurance.
To receive the credit, businesses would have to comply with the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
NIST is not a regulatory body and so its framework was merely developed to offer basic guidelines for proper cybersecurity hygiene, and was never intended to be mandatory.
NIST’s Cybersecurity Framework is thorough and has enjoyed major adoption across government agencies, Chris Greer, Director of the Smart Grid and Cyber-Physical Systems Program Office, and National Coordinator for Smart Grid Interoperability at NIST told ITWatchIT in a recent exclusive interview.
Industry experts have also cited a lack of adherence to NIST’s Cybersecurity Framework as one of the facilitators of the OPM breach. The breach affected a wide array of sensitive information for 21.5 million current, former, and prospective Federal employees and contractors – including background investigation, Social Security Numbers, fingerprints, Usernames and passwords.
The proposed legislation is aimed at encouraging development in the cyber insurance market, and also encouraging businesses to adopt cybersecurity best practices, such as the NIST framework.
“Using an incentive approach rather than a mandate gives this a much better chance of succeeding, both in the marketplace and in the Congress,” said Perlmutter.
Cybersecurity is a very hot topic currently, and will probably be for a long time, as the world moves even deeper into a digital future. It is expected that similar bills will crop up in the future.