Cyber risk
Cyber risk has been increasing for several years, in line with expanding digitisation, interconnectedness and cyber threats. Insurers are not only exposed to cyber risks in their operations but are also active takers of cyber risk through their cyber underwriting activities. As digitisation, interconnectedness and cyber threats continue to expand, cyber insurance has the potential to become an increasingly more significant part of the non-life market and to play a greater role in mitigating the risks associated with cyber incidents. In view of the potential scale and pace of the growth of the cyber insurance market and the ubiquitous and significant nature of cyber risk, cyber insurance underwriting has increasingly attracted supervisory attention.
Financial stability
The IAIS performs a forward-looking role in identifying key trends and developments that could reshape the insurance industry and impact on financial stability. Cyber Risk is a key area of focus for the IAIS as rapid technological change and innovation has dramatically increased cyber threats and risks to cyber resilience, both of which have been further compounded by the rapidly changing work environments that came about during the Covid-19 pandemic.
Therefore, the 2023 special topic edition of the Global Insurance Market Report (GIMAR) is dedicated to exploring the impact of cyber risks on the insurance sector and its potential ramifications for financial stability. Specifically, the report focuses on the global cyber insurance market and the cyber resilience of the global insurance sector. It provides an overview of the key trends and aspects of the cyber insurance market and examines the sector’s cyber resilience and its implications for financial stability. The report draws on data collected by the IAIS from its 2022 Global Monitoring Exercise (GME), which covers cyber underwriting activities and cyber resilience data as of year-end 2021. To access the report, please go to bottom of this page.
Supervisory practices
In 2020, the IAIS published a report on Cyber Risk Underwriting and Identified Challenges and Supervisory Considerations for Sustainable Market Development. The report recognises that as digitisation and cyber threats continue to expand, cyber insurance is becoming increasingly significant to the non-life insurance market. The report concluded that current cyber underwriting practices, while serviceable, are not optimal, in particular due to issues surrounding the measurement of risk exposures.
On the supervisory front, the report identified that supervisory intensity and specific toolbox development (such as the use of stress tests) are generally proportionate to the size of the cyber risk underwriting market; however, given the scale and pace of the future growth of this market, it will become increasingly important to address the challenges associated with the measurement of risk exposures, cyber incident reporting and clarity of policy wording.
The IAIS´ Operational Resilience Task Force (ORTF) published its Issues Paper on insurance Sector Operational Resilience in May 2023. The Issues Paper focuses on supervisory practices with respect to cyber resilience, IT third-party outsourcing and business continuity management. This work builds on initiatives undertaken by the FSB and other standard setting bodies on a cross-sector basis.
Partners
Cyber resilience and sound cyber risk underwriting practices play an important role in ensuring safe and stable insurance markets for policyholders, and supporting financial inclusion among traditionally underserved communities and individuals, including reducing the insurance protection gap.
In this regard, the work of A2ii is relevant to the IAIS activities related to cyber risk.
Recent and upcoming events
- The Issues Paper on Insurance Sector Operational Resilience and Resolution of Comments for the public consultation phase were published May 2023.
- On 31 May 2023, a public discussion session will be held on the Issues Paper on Insurance Sector Operational Resilience. A recording of the session will be available here.
- 16 and 17 June 2022, Global Seminar including panel on operational and cyber risks