Fitch: cyber insurance rules may be costly – The Royal Gazette | Bermuda News, Business, Sports, Events, & Community

Log In

Reset Password
BERMUDA | RSS PODCAST

Fitch: cyber insurance rules may be costly

New cybersecurity regulations for financial institutions in New York have the potential to raise losses for insurers.

That is the warning from Fitch Ratings ahead of the New York Department of Financial Service's new rules, which become effective on March 1.

The agency sees the potential for premium growth in cybersecurity insurance and directors and officers insurance, but warns that the regulations could also raise loss potential for insurers.

More than 3,000 financial institutions be covered by the regulations will be required to establish a formal cybersecurity programme, adopt a written cybersecurity policy, encrypt data and conduct periodic tests of the system to identify potential vulnerabilities, among other requirements.

They must have a designated chief information security officer responsible for overseeing the policy and reporting to the board at least twice a year.

In a statement, Fitch said the rules could set a wider template for other jurisdictions.

“There is also potential for other state or federal cyber regulations passed in the future to conflict with New York's. Notably, the National Institute of Standards and Technology, a nonregulatory agency of the Department of Commerce, has several recommendations that differ from the NYDFS plan,” stated Fitch.

“The new rules could raise compliance risks for financial institutions and, in turn, premiums and loss potential for D&O insurance underwriters. The rules require a director or senior officer to annually certify compliance with the regulations.

“If management and directors of financial institutions that experience future cyberincidents are subsequently found to be non-compliant with the New York regulations, then they will be more exposed to litigation that would be covered under professional liability policies.

Fitch believes that rapid cyberinsurance growth is likely to continue, and new regulatory requirements could play a part in reinforcing the trend.

“Part of the NYDFS regulation is that a company has to notify the regulatory authorities within 72 hours of a cybersecurity event occurring. Cybersecurity insurance can help firms navigate notification laws,” stated Fitch.

The agency said data for cyberclaims, remediation costs and potential liability for insurers are limited, and hinders pricing risk, leading it view “substantial growth in stand-alone cyber coverage or higher portfolio concentration in cyber as a credit negative for insurers”.

Growing risk: there is the potential for higher losses for insurers as a result of new cybersecurity rules coming into force in New York, warns Fitch Ratings

You must be registered or signed-in to post comment or to vote.

Published February 14, 2017 at 8:00 am (Updated February 13, 2017 at 7:40 pm)

Fitch: cyber insurance rules may be costly

What you
Need to
Know
1. For a smooth experience with our commenting system we recommend that you use Internet Explorer 10 or higher, Firefox or Chrome Browsers. Additionally please clear both your browser's cache and cookies - How do I clear my cache and cookies?
2. Please respect the use of this community forum and its users.
3. Any poster that insults, threatens or verbally abuses another member, uses defamatory language, or deliberately disrupts discussions will be banned.
4. Users who violate the Terms of Service or any commenting rules will be banned.
5. Please stay on topic. "Trolling" to incite emotional responses and disrupt conversations will be deleted.
6. To understand further what is and isn't allowed and the actions we may take, please read our Terms of Service
7. To report breaches of the Terms of Service use the flag icon