At a Senate hearing on cyberinsurance regarding notice to cyber victims, there was testimony that a uniform federal cybersecurity breach law to replace the laws in 47 states could help: a uniform standard could “reduce the cost of breach responses and enhance consumer protection.” The Senate Commerce Committee’s Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security began examining cybersecurity with two hearings in February:
The first hearing examined the National Institute of Standards and Technology (NIST)’s partnership with the private sector to improve critical infrastructure cybersecurity. NIST’s continuing role was codified in S. 1353, the Cybersecurity Enhancement Act of 2014 (P.L. 113-274), originally introduced by Commerce Committee Chairman John Thune (R-S.D.) and former Chairman Rockefeller (D-W.Va.).
The second hearing informed Committee efforts in crafting a federal data breach bill. Sen. Moran’s hearing on Thursday [March 19, 2015] will continue the Committee’s examination of cybersecurity issues.
Businessinsurance.com reported that at the March 19, 2015 hearing, Senator Jerry Moran (R-Kan.) said that cyber insurance:
…may be a market-led approach to help businesses improve their cyber security posture by tying policy eligibility or lower premiums to better cyber security practices.
Replacing the 47 states' notification laws should help consumers who rely on cyberinsurance for these breaches, but only if the legislation is well drafted and considered.