Government urged to assist in bridging the $900 billion gap in uninsured cyber risks, according to influential cyber insurance figures
The U.S. government is taking significant steps to address the escalating risk of catastrophic cyber events and the insurance gap for small- to medium-sized businesses. This initiative involves collaborative efforts from key departments, including the Treasury Department's Federal Insurance Office, the Cybersecurity and Infrastructure Security Agency, and the Office of the National Cyber Director.
Recent announcements confirm that the White House is exploring plans to strengthen the cyber insurance market, starting with catastrophic risk. This focus stems from concerns about the impact of major cyber incidents, such as the NotPetya attacks in 2017, which caused billions of dollars in losses.
The U.S. government's approach includes revising federal cybersecurity priorities through Executive Orders, such as the June 2025 Executive Order titled "Sustaining Select Efforts to Strengthen the Nation's Cybersecurity and Amending Executive Order 13694 and Executive Order 14144." This order emphasises the security of third-party software supply chains, quantum cryptography, artificial intelligence, and Internet of Things (IoT) devices.
Moreover, the recently released "Winning the Race: America's AI Action Plan" embeds cybersecurity as a foundational priority, recognising the importance of resilience and security for scaling AI progress.
Although specific actions addressing the insurance gap for small- to medium-sized businesses are not detailed in the recent announcements, the emphasis on cybersecurity and AI governance suggests that efforts to enhance businesses' resilience might indirectly benefit these entities. For example, improving cybersecurity standards and practices can help mitigate risks that exacerbate insurance gaps.
Looking ahead, the National Institute of Standards and Technology (NIST) continues to play a crucial role in developing frameworks that could help businesses, including small- to medium-sized ones, manage cybersecurity risks more effectively. There is also a growing need for collaboration between government agencies, private insurers, and businesses to address the financial and risk management challenges posed by catastrophic cyber events.
Future policy efforts may aim to integrate risk management strategies and insurance solutions more directly into the broader cybersecurity framework to support vulnerable businesses. Recommendations for future initiatives include developing and promoting easily adaptable cybersecurity standards for small- to medium-sized businesses, offering incentives for businesses that implement robust cybersecurity measures, and fostering partnerships to provide training and resources for enhancing cybersecurity and managing cyber risks.
The Treasury Department's Federal Insurance Office is working closely with the National Cyber Director and the Cybersecurity and Infrastructure Security Agency to address catastrophic cyber risk. A risk protection gap of about $900 billion exists between insured losses and economic losses due to cyberattacks, highlighting the urgency of these efforts.
Industry leaders, such as Marsh McLennan, have been advocating for government intervention to address the growing risk of catastrophic cyber events. In 2022, Marsh McLennan wrote to the U.S. Treasury Department's Federal Insurance Office urging the government to closely examine catastrophic insurance risk as an issue.
As the cyber insurance market continues to grow, with estimates suggesting it will exceed $28 billion in gross written premiums in 2027, addressing the insurance gap for small- to medium-sized businesses is crucial to ensuring economic resilience in the face of cyber threats. The White House and the Office of the National Cyber Director are working together to address the issue of catastrophic cyber risk in the national cybersecurity strategy.
- The White House is exploring plans to strengthen the cyber insurance market, focusing on catastrophic risk, given the significant losses caused by major cyber incidents.
- The U.S. government, through initiatives like revising federal cybersecurity priorities and promoting AI action plans, aims to enhance businesses' resilience, which may indirectly benefit small- to medium-sized businesses.
- Industry leaders, such as Marsh McLennan, have advocated for government intervention to address the growing risk of catastrophic cyber events, urging the government to examine catastrophic insurance risk closely.
