In 2020, the IAIS published a report on Cyber Risk Underwriting and Identified Challenges and Supervisory Considerations for Sustainable Market Development. The report recognises that as digitisation and cyber threats continue to expand, cyber insurance is becoming increasingly significant to the non-life insurance market. The report concluded that current cyber underwriting practices, while serviceable, are not optimal, in particular due to issues surrounding the measurement of risk exposures.
On the supervisory front, the report identified that supervisory intensity and specific toolbox development (such as the use of stress tests) are generally proportionate to the size of the cyber risk underwriting market; however, given the scale and pace of the future growth of this market, it will become increasingly important to address the challenges associated with the measurement of risk exposures, cyber incident reporting and clarity of policy wording.
The IAIS established the Operational Resilience Task Force (ORTF) in 2020, focused on developing supervisory supporting materials on issues related to cyber resilience, including implication of cyber risk to IT 3rd party outsourcing and business continuity management. The ORTF is reviewing how existing insurance core principles support cyber resilience concepts, and is taking stock of recent publications relevant to its mandate.
In 2022, the ORTF is developing further supporting material on operational resilience in the insurance sector, specifically on IT third-party outsourcing and insurance sector cyber resilience, building on work undertaken by the FSB on a cross-sector basis.