On 2 August 2018 the European Insurance and Occupational Pensions Authority (EIOPA) published a report, “Understanding Cyber Insurance - A Structured Dialogue with Insurance Companies."
The report aims to enhance the level of understanding of cyber risk and the cyber insurance available in Europe, and begins by observing that approximately 90% of the standalone cyber insurance market is located in the United States and only 5-9% in Europe. The content of the report is based on a survey of responses to a set of 14 qualitative questions answered by 13 insurance and reinsurance groups located in Switzerland, France, Italy Germany and the UK.
One of the key findings of the questionnaire is that although presently cyber insurance cover is largely focused on commercial business, there is increased interest in cyber coverage for individuals due to the increased exposure of individuals to cyber risks such as identity theft.
The report highlights the challenges faced by the cyber insurance industry, such as the improper treatment of non-affirmative risks (insurance policies that do not explicitly include or exclude coverage for cyber risk) and the difficulty in quantifying risks. In particular, the report finds that qualitative models which are based on risk assumptions of exposure, questionnaires and expert judgment are more often used than quantitative models in risk assessment and pricing. The report provides an insight into the functioning, growth potential, challenges and threats of cyber insurance for reinsurers. It reports that the insurance industry expects a gradual increase in the demand for cyber insurance, driven by new regulations, increased awareness of risks and a higher frequency of cyber events, but that the lack of specialised underwriters as well as data and quantitative tools are key obstacles to the development of the industry. However, regulation could benefit the industry in that it can assist with some of the identified challenges, including the need for compliance with the Solvency II Directive (2009/138/EU).
To read the report, please click here.