• admin
  • Cyber Insurance

The Global Federation of Insurance Associations (GFIA) has now provided its feedback to the Organisation for Economic Cooperation and Development (OECD) on cyber issues and the cyber insurance project. The GFIA has suggested that the OECD Insurance and Private Pensions Committee (IPPC) should consider reviewing the broader cybersecurity landscape to determine how policy and regulation can support open market penetration through greater cyber risk awareness and sharing of data and information.

One topic it focused on was the international confusion regarding the insurability of fines and penalties. In the US, the FTC has explicitly stated that fines are not insurable, while in Europe there is nothing in the GDPR which either permits or prohibits insurance coverage for regulatory fines. The GFIA encouraged the OECD to clarify this issue to give both consumers and insurers greater contract certainty.

In a statement on the topic, the UK Information Commissioner’s Office (ICO) said: “We are aware that there is insurance available against cyber risks and data breaches, but we are not aware whether insurance is available to provide cover against fines which may be issued by the ICO for breaches of the GDPR. However, our view is that a focus on insurance rather misses the point, and organisations should be looking to recognise the benefits of good information rights practice to efficiency, reputation and competitive edge.”

According to the GFIA, the cyber insurance market is an important resiliency tool with many ancillary benefits. Each year, the market continues to grow responsibly as insurers innovate and address consumer needs and market demands. Whether or not fines are insurable in different jurisdictions, it is clear that organisations need to be focused on digital ethics: good information rights practice to drive efficiency, reputation and competitive edge, as well as adequate protection in the form of both cyber insurance and crisis management cover.


A year ago the OECD released a report that set out to provide ‘a series of policy recommendations aimed at enhancing the contribution of the cyber insurance market to managing increasingly prevalent risk’.

The report discussed issues such as data confidentiality, system malfunction, data integrity and availability and what happens when there is malicious activity. It also looked at the cyber insurance market as a stand-alone market as well as coverage for cyber-related losses in existing (traditional) policies.

The report also addressed market challenges as well as discussing how to support the cyber insurance market through better policies and regulation.

The key findings were:

  • Insurance can contribute to improving the management of cyber risk and should be considered an essential component of countries’ strategies for addressing digital security risk.
  • The policy, legal, and regulatory framework can have important implications for how much information on cyber incidents is made available and therefore the level of uncertainty when underwriting cyber risk.
  • The lack of data on cyber incidents is a significant impediment to the management of cyber risk, including the transfer of cyber exposures to insurance markets. Greater public-private collaboration will be required to overcome this obstacle.
  • The insurance market, including re/insurance companies, brokers, and relevant associations, has an important role to play in providing greater clarity about the coverage available for cyber risk and which policies provide that coverage.
  • There is significant concern about the potential for accumulated losses as a result of an incident with sizeable impacts on a large number of policyholders. Governments should develop strategies for managing the potential financial impacts of a catastrophic cyber event, taking into account the guidance provided in the OECD Recommendation on Disaster Risk Financing Strategies.
  • Leveraging its expertise in insurance and digital security risk management, the OECD can contribute to helping governments overcome challenges to the development of the cyber insurance market, including through additional research in the areas identified in the report.

The full report is available for download here.
