The European Insurance and Occupational Pensions Authority EIOPA have just published a consultation paper seeking insurance industry engagement to establish a framework for stress testing plausible cyber scenarios for the insurance community.
The paper is the first step in formulating a stress test benchmark for insurers to assess capital and solvency adequacy for cyber exposure within the EU.
EIOPA is seeking to rationalise capital modelling and solvency for insurance companies.
The paper sets out in great clarity the issues that each firm faces in respect of cyber exposure and includes (but not limited to) scenarios, underwriting, resilience, assumptions, and guidance.
Consultation on what?
The consultation paper seeks contributions to two principal areas:
1. Approach to understanding the cyber resilience of insurance firms, and
2. Using plausible cyber scenarios to calibrate an understanding of the capital and solvency needed
Which companies fall within scope?
EU regulated firms and equally large or small; regional / national / international regulated firms are captured.
Affirmative vs silent cyber?
Insurers with no affirmative cyber will be required to allocate capital and evidence adequate solvency for silent cyber or non-malicious cyber.
What classes of insurance?
All Classes – specifically referenced include but importantly are not limited to:
General liability/ Property /Business interruption/ Credit Insurance/ Crime / K&R / Marine / Aviation /Transport / Motor / Workers Comp / Medical / Life Insurance.
Other Cyber underwriting resources
The first regulator to address cyber insurance underwriting risk was the Prudential Regulation Authority (PRA) through the Supervisory Statement 2017/4. The PRA set out in some detail the approach to non-affirmative cyber risk (chapter 2); cyber risk strategy and risk appetite (chapter 3) and cyber expertise (chapter 4). Capital adequacy and solvency requirements being addressed under Solvency II framework.
EIOPA Consults on Cyber component in its insurance stress testing framework
Bank of England / Prudential Regulation / Cyber Insurance Underwriting
Astaara and Cyber solutions
Astaara has the right blend of insurance, cyber security and marine experience to help insurers calibrate appropriate and proportionate scenarios for all marine insurers – LMX/ International and P&I Clubs.
Through our shared experience, we understand the interactions between people, processes and technology; and how important it is to ensure that scenarios are grounded in reality.