Proposed Data Breach Insurance Act Provides Cybersecurity Incentive

November 14, 2016

Representative Ed Perlmutter (D-Colorado) recently introduced H.R. 6032, known as the Data Breach Insurance Act. The proposed legislation would provide a 15% tax credit to companies that purchase data breach insurance and implement cybersecurity measures.

While the bill doesn’t mandate compliance, it provides a strong incentive for businesses to purchase data breach insurance and adopt the National Institute of Standards and Technology (NIST) voluntary cybersecurity framework or any other standard approved by the Secretary of the Treasury. The tax credit will only apply to policies that require companies to enact good cybersecurity practices, such as the NIST Framework. The rebate will help offset some of the costs associated with implementing the cyber framework, such as risk assessments, hardware and software upgrades, employee education, training, and vendor testing.

“With the adoption of a cybersecurity framework preventing breaches on the front end and insurance to protect businesses on the back end, this legislation provides a two-pronged approach helping businesses take the necessary steps to address this growing threat,” said Perlmutter.

According to the data security research organization Ponemon Institute, the average total organizational cost of a data breach in the U.S. has risen to $7.01 million. In 2015, the average total organizational cost of a data breach in the U.S. was $6.53 million.

The Bipartisan Policy Center stated that in 2014, there were 783 reported data breaches in the U.S., which exposed 85.6 million records. IBM estimates that businesses are attacked an average of 16,856 times a year; that is 46 attacks on every business every day.

Cyber insurance can cover a business’ legal and liability costs, costs of notifying affected customers, business interruption, settling cyber extortion threats, and the costs of providing credit and identity theft monitoring services to affected customers.

“Whether in the private sector or government sphere, hacks expose vulnerabilities and compromise our personal information including our financial records and identifications. They inconvenience our lives requiring new credit cards, credit monitoring, and ID theft protection, and they can cost companies their reputations and billions of dollars,” said Perlmutter. “As more and more businesses become targets of cyber-attacks, it is more important than ever for them to be protected. That’s why I’m introducing this legislation to help do more to prevent massive data breaches that compromise millions of Americans’ private and personal information.”

Hickey Smith was recently recognized as one of the most innovative law firms in the world by London-based The Lawyer Magazine.

Hickey Smith’s cybersecurity team, in partnership with EXTEND Resources, forms a multidisciplinary team that works directly with businesses and insurance companies to enact sophisticated cybersecurity practices, including the NIST Framework and ISO 27001:2013 certification, and to ensure that those businesses stay in compliance with their selected framework.

Hickey Smith is a leader in cybersecurity and is one of only a handful of law firms that have achieved ISO 27001:2013 certification for information security. In 2015, David Hickey was named a Cybersecurity Trailblazer by The National Law Journal.

For more information, please contact one of our cybersecurity team leaders listed below.

David Hickey at or 626-737-9505

Rene Kahn at or 626-737-6236

Jason Balogh at or 415-813-4455
