The House Financial Services Committee on October 31 approved an amended version of the Terrorism Risk Insurance Program Reauthorization Act of 2019 that would require the Government Accountability Office (GAO) to report on cyberterrorism risks and the Department of Treasury to issue a biennial report that includes “disaggregated data on places of worship.”

The Terrorism Risk Insurance Act of 2002 (TRIA), approved after the 9/11 terrorist attacks in New York City and Washington, D.C., provided a backstop to encourage insurers to resume writing terrorism policies. After 9/11, primary insurers sought to explicitly exclude terrorism coverage from their commercial policies, and reinsurers became unwilling to assume risks in urban areas perceived as vulnerable to attack.

TRIA created the Terrorism Risk Insurance Program (TRIP), a federal loss-sharing program for certain insured losses resulting from a certified act of terrorism. TRIP provides a backstop for insurers and has to be periodically reauthorized. It is currently due to expire at the end of 2020.

In addition to the reporting requirements mentioned above, the amended legislation shortens the extension period from 10 years.

The bill says the cyber report should analyze the general vulnerabilities and potential costs of cyberattacks on the nation’s infrastructure and reach conclusions about whether cyberrisk, particularly cyberliabilities, under property/casualty insurance, can be sufficiently covered and adequately priced.

The insurance industry has praised the progress of the extension as well as the proposed studies of cyber exposures. The next step toward TRIA reauthorization is a floor vote in the House of Representatives.

Follow the conversation about the federal terrorism backstop here.