The PRA proposes a new supervisory statement setting out its expectations for the prudent management of cyber underwriting risk, which is defined as the set of prudential risks emanating from underwriting insurance contracts that are exposed to losses resulting from a cyber-attack.
The proposals in this Prudential Regulation Authority’s(PRA) consultation paper (CP) are based on thematic work carried out by the PRA between October 2015 and June 2016 involving a range of stakeholders including insurance and reinsurance firms, (re)insurance intermediaries, consultancies, catastrophe modelling vendors, cyber security and technology firms, and regulators.
The CP sets out the PRA’s proposed expectations in relation to the ability of firms to exercise prudent management of cyber insurance underwriting risk. Firms are expected to be able to identify, quantify and manage the risks emanating from cyber underwriting risk both in terms of affirmative and ‘silent’ cover.
The results of the PRA’s thematic work highlighted several risks faced by the insurance industry in relation to cyber underwriting risk. The key findings are summarised in a letter to firms – ‘Cyber underwriting risk’ – published on 14 November 2016 (see Related Links).
The proposals have been grouped based on the PRA’s thematic findings in the following sections:
-
‘silent’ cyber risk;
-
cyber risk strategy and risk appetite; and
-
cyber expertise.
This consultation closes on Tuesday 14 February 2017.
Full news
Consultation paper
© Bank of England
Key
Hover over the blue highlighted
text to view the acronym meaning
Hover
over these icons for more information
Comments:
No Comments for this Article