BMA provides guidance on cyber underwriting
A Bermuda Monetary Authority analysis has reported that the impact of cyber-risk across all industries has been heightened by globalisation, digitisation and the pandemic.
The BMA said cyber is still a small three per cent of overall Bermuda gross written premiums in insurance, but there is a steady increase in the cyber market’s overall premium, claims and exposures year on year.
The findings come from the BMA’s Bermuda Cyber Underwriting Report 2021.
The regulators say closer attention needs to be paid to current data on potential non-affirmative cyber exposures, because they pose a significant risk to the insurance industry.
The authority said there are far-reaching implications, including overlapping coverages in cyber insurance policies and types of insurance policies (eg, business interruption, ransomware, social engineering and property damage) that need to be considered in an insurer’s risk management framework for cyber-risk.
The BMA raised concerns about other issues and challenges that groups and commercial insurers face surrounding the treatment of ransom, fines, terrorism and war risk, which raise other public policy issues relating to insurability of penalties and concerns about countering terrorism financing.
Another key concern, the report says, is understanding cyber-risk accumulations, especially where cyber-risk may entail an important systemic impact on both the insurer’s own operations and its business portfolio.
The BMA joined the International Association of Insurance Supervisors with concerns about cyber-risk underwriting and will contribute to the global group’s efforts in providing useful guidance to the market in managing cyber-risk.
And in doing so, the BMA underscored its recommendations to the Bermuda industry.
Silent cyber/non-affirmative cyber-risk management: groups and commercial insurers should continue their efforts in providing clarity of cyber coverage to their policyholders.
The BMA invites industry to provide useful feedback on the BMA-prescribed scenarios as they complete this exercise for the coming year-end filing.
There should be compliance with the Insurance Sector Operational Cyber Risk Code of Conduct, which became enforceable at the start of the year.
Companies were encouraged to review the recently issued Bermuda Insurance Sector Operational Cyber Risk Management 2021 Report for further guidance on how their company fares against the best practices set out in the code and against its peers, especially in the areas where control deficiencies are identified.
Reasonable efforts should be made to comply with the recommendations in the report.
And as the cyber threat landscape continues to evolve, the authority encourages industry to engage closely with their respective supervisors to ensure that they comply with the code and related regulations as expected.