Expert: Cybersecurity regulation under Trump a question mark for now

With the top U.S. cybersecurity official making her exit and the incoming administration’s next move anyone’s guess, one legal expert is urging cyber insurance policyholders to ensure their coverage is secure now.

Arthur Armstrong, partner in the Insurance Recovery Group, Reed Smith, suggested that cybersecurity regulations could likely loosen under a Trump administration.

“Trump is a Republican candidate and, traditionally, Republicans are going to be strong on national security and not looking to increase regulation,” Armstrong said.

However, he emphasized the uncertainty of future conditions and said policyholders should focus on what they can control: their coverage.

“I tell clients what they need to focus on is their own insurance program, and then appreciating the risks they have from a cybersecurity perspective,” he said.

The fate of cybersecurity

Armstrong believes national security and regulation could be “at odds” under the new administration, with cybersecurity smack in the middle of the two.

“When it comes to the cybersecurity and the cyber insurance component, those traditional positions are somewhat at odds right now… The things I think about are how this next administration addresses the intersection between regulation and national security,” he said.

In November, shortly after elections, Jen Easterly, director, Cybersecurity and Infrastructure Security Agency, announced she will leave office as the new administration takes over.

President-elect Donald Trump has yet to name a successor. However, after a slew of controversial appointments in the weeks following his triumph at the polls, some cybersecurity stakeholders are concerned about the direction CISA will head in.

While the Trump administration has been known to take a hard stance on border protection and national security, Armstrong said it seems to be more focused on fighting perceived misinformation online than making major changes to cybersecurity laws for now.

“Where you have seen pushback as to some of the regulation and the government oversight of cybersecurity, I think it has more to do with campaigns to try to thwart disinformation,” Armstrong said.

He added, however, that it is unlikely a situation will develop where “anyone’s talking about it like they’re talking about getting rid of the Department of Education.”

“I don’t see that happening for those involved in fighting cyber criminals… I think cybersecurity and its relationship, particularly to national security, is going to be a bipartisan issue,” he said.

What changes to expect?

Rather, Armstrong said what could likely happen with cyber insurance is that it could become more difficult to obtain. Although, he emphasized that this is not necessarily due to a change in government but just a reflection of current market conditions.

“The cyber insurance market has been softer than it has been in some years. The application process is only going to continue to become more onerous,” he said.

For instance, he predicted criteria that were optional in the past or impacted premiums or available coverage will become mandatory going forward.

“You’re not going to get cyber insurance if you don’t have MFA (multi-factor authentication) or you don’t have the other indicators of a well-prepared and put-together cybersecurity program,” Armstrong said.

A word to the wise: Prepare now

Amid the future uncertainty, Armstrong advised policyholders to reassess their coverage, risks and needs now before it becomes too late. He urged businesses that need cyber insurance to anticipate gaps that could leave them open to severe litigation and prepare accordingly.

“If you’re utilizing those types of technologies, you better have the right cyber insurance in place that doesn’t have third-party claims excluded… It’s those more micro-level questions that business policyholders out there should be focused on because that’s within your control and what may happen in 2025, in a lot of ways, is not,” he said.

Armstrong’s advice is for businesses to work with a good broker who knows the cyber insurance market and understands exposures, as well as with coverage counsel to do a legal review of policy wording. He emphasized the importance of understanding the “likely life of a cyber event.”

“For example, if you suffer a data breach of some sort, all the notification requirements that stem from that. That’s certainly a function of the regulations in place at the time, so that’s something that could go up or down under the next administration — probably more likely down, but there’s also state regulations,” Armstrong said.

Ultimately, he acknowledged that no one knows for certain what Americans can expect under the Trump administration and in the coming years.

“I know something will happen that is significant and we’ll have huge market ramifications in the cyber coverage market, but who knows what that will be,” he said.

Reed Smith LLC is an international law firm founded in 1877. Headquartered in Pittsburgh, Philadelphia, it has more than 30 offices in the United States, Europe, Asia and the Middle East.

© Entire contents copyright 2024 by InsuranceNewsNet.com Inc. All rights reserved. No part of this article may be reprinted without the expressed written consent from InsuranceNewsNet.com.

Rayne Morgan is a journalist, copywriter, and editor with over 10 years' combined experience in digital content and print media. You can reach her at [email protected].