A recent speech by Fausto Parente of the European Insurance and Occupational Pensions Authority emphasised the need for firms to engage with cyber insurance as they seek to manage data security and cyber crime risk, as well as the need for cyber insurance to evolve in order to effectively address these risks.
Mr Parente observed that the European cyber insurance market is growing rapidly, but there are some key weaknesses that need to be addressed. For example, lack of data is one of the biggest obstacles for underwriters in obtaining a detailed understanding of cyber risk and provision of coverage. This is attributed to firms being reluctant to share data about both security measures taken and cyber incidents experienced. However, this lack of quantitative data makes it difficult for insurers to price risk and estimate exposure liability.
Mr Parente suggests one option to address this might be to develop a European-level cyber incident reporting framework that would enable the sharing of information on an anonymised basis so that insurers and reinsurers can develop their pricing and risk models.
Mr Parente also suggests that there should be a common understanding of contractual definitions, so that policy holders and insurers have the same understanding of contract terms. Clear and transparent cyber coverage is essential from a consumer protection perspective.
As cyber attacks increase in both frequency and sophistication, cyber insurance is increasingly in demand and it is crucial that the insurance industry can meet this need. Firms should review their current insurance arrangements carefully to ensure that they have adequate cover to address their cyber and data risk and monitor developments in this area.
The increasing frequency of cyber attacks, coupled with stricter regulation regarding cyber security as well as continued technological developments are all expected to increase demand for cyber insurance in the near future.