How will Trump’s presidency impact the cyber insurance market?

Armstrong is a partner in the global law firm's insurance recovery group and focuses on cyber-attacks, including ransomware, DDoS attacks, social engineering, malware attacks and other cyber threats.

PropertyCasualty360.com: How will Trump's second term impact regulations in the cyber insurance market? Can we expect more or less?

Armstrong: We can expect regulations to decrease under the second Trump administration.  Indeed, we have already seen this through Trump’s day-one recission of former President Biden’s executive order regulating the development and implementation of artificial intelligence and dismantling of the Cyber Safety Review Board. 

And while President Trump established the Cybersecurity and Infrastructure Security Agency during his first term, their work became somewhat controversial in republican circles over the last four years.  In particular, some news items were wrongly labeled as “disinformation,” which has led for calls to end this effort. 

But more broadly, Trump is expected to limit regulation in line with Republican Party principles.  At the same time, a significant cyber event, particularly one initiated by a nation state threat actor, would bring a hyper focus to the country’s cybersecurity apparatus.  While republicans are typically anti-regulation, they are also pro national security.  Increasing U.S. national security was a central tenant of the Trump platform and will work to temper efforts to lesson regulations in cyber.    

PropertyCasualty360.com: Would a decrease in regulatory oversight negatively impact the cyber insurance sector?

Armstrong: A decrease in regulatory oversight puts a greater onus on insurance companies, which will trickle down to policyholders, particularly in the cyber insurance application context.  Cyber insurance applications have become more involved and detailed in recent years as insurers better understand the potential exposure from cyber and data privacy events. 

To be sure, whether a policyholder has appropriately sophisticated cyber security protocols in place directly affects susceptibility to a cyber-attack. 

Moreover, the volume and nature of personal data collected and maintained (and potentially shared with third parties) by a policyholder can also greatly impact potential cyber liability.  To the extent there is a regulatory overlay that governs these factors, then certain baselines are “baked in” to the insurance application process.  To the extent regulation decreases, insurers can be expected to increase due diligence in relation to the sale of cyber insurance policies.

PropertyCasualty360.com: Will cyber insurance become mandatory? Will new businesses get a license without this coverage in the future?

Armstrong: From the policyholder perspective, I would say cyber insurance is mandatory for all but the smallest businesses.  To the extent your collect any personal information, process payments electronically, use computer systems, wire payments, or even have a website, you should have some level of cyber insurance protection. 

But I do not expect there to be a governmental mandate requiring cyber insurance in order to operate a business anytime soon, and certainly not under the Trump administration.  However, businesses (or governmental agencies) are well advised to consider whether they should require their contractual counterparties to maintain cyber insurance. 

PropertyCasualty360.com: What is the current state of cyber insurance? What will be the biggest difference in the sector between a Biden and Trump presidency?

Armstrong: The cyber insurance market is ever changing with new insurance companies entering the market and others departing.  Likewise, policy forms are continuously evolving to address new and different cyber risks. 

Unfortunately, this has led to more exclusions and sublimits that negatively affect cyber coverage overall.  A policyholder should work with an experienced broker to ensure that it is obtaining appropriate coverage with respect to scope and available policy limits. 

Each business has unique risks that must be accounted for and insurance policy terms can be particularly tricky.  Coverage counsel can also provide a legal review of proposed policy language and changes from year to year, which is helpful in avoiding surprises later when coverage is needed for a cyber-claim.

The cyber insurance market if influenced by many factors and there will not likely be any immediate, drastic changes as the second Trump administration is underway.  The most important aim for policyholders remains that they understand their own vulnerabilities and the potential loss from a cyber-event, including potential business interruption, and design their cyber insurance program accordingly.

PropertyCasualty360.com: Has cybersecurity become a bipartisan issue? (Particularly as it relates to national security and threats from countries like China)

Armstrong: Yes, while there will always be disputes around the edges, and different views on whether cyber regulation is being wielded so as to negatively affect one party or the other, overall republicans and democrats agree cybersecurity is a key concern and directly related to national security. 

It is reasonable to expect that an attack perpetrated by a foreign adversary will galvanize a bipartisan effort to address the vulnerabilities involved.  Threat actors will continue to seek to disrupt and disable both real-world infrastructure (e.g. power grid, bridges, ports) and cyber infrastructure (e.g. telecom internet connectivity). 

Our government officials have no choice but to focus on avoiding catastrophic cyber events and limiting the fallout from these malicious acts.

See also:

• How the U.S. election outcome will impact agency values
• Court rules insurance won't cover Home Depot data breach costs
• 6 Risks to watch in 2025