Insurers have been ordered to check that they are holding sufficient capital to pay insurance claims in the event of a massive cyber-attack. The Prudential Regulation Authority (PRA) says it expects all insurers to fully understand their exposure to cyber-related losses in a recently published Supervisory Statement.
The Regulator is particularly concerned that insurers do not have a good understanding of the cyber-liabilities they may face on existing general liability policies. It also says that the boards of insurers with exposure to cyber-risks must have clear strategies to manage these risks.
Research among insurance companies by PwC suggests that only 14% of respondents have data to assess their exposure to policies which do not explicitly include or exclude liability for cyber-risks. The PRA has said that firms must reduce this unintended exposure. Actions may include adjusting premiums, introducing exclusions or putting specific limits of cover in place.
Marta Abramska of PwC’s Cyber Insurance practice says that the difficulty of dealing with cyber threats is no longer an acceptable excuse for inaction. “The PRA expects insurers to get a better handle on their cyber risk management and should be seen as a clear sign that action needs to be taken by insurers and reinsurers to fully understand their cyber exposure,” she said.
James Burgoyne, Director – Claims & Technical, Brunel Professions says that all professional firms should ensure that they could get back up and running quickly if they suffer a cyber-attack. “While some cyber-risks may be covered by general policies, dedicated cyber-liability insurance is a far better solution. These policies provide the reassurance that resources and expertise will be available to firms if they suffer an attack. We have helped many of our clients to secure cost-effective cyber-cover which enables them to sleep at night,” he said.