PRA sets out plans for regulating ‘silent cyber’ in 2019
Insurance firms have been urged to take more action on ‘silent cyber’ - or non-affirmative cyber risk - in a letter from the Bank of England’s Prudential Regulation Authority (PRA).
The letter praised insurers for their efforts so far but highlighted the ongoing need to do more inline with the Supervisory Statement (SS) 4/17 ‘Cyber insurance underwriting risk’ published in 2017.
A PRA survey conducted in 2018 found that “although some work has been done, more ground needs to be covered by firms especially in relation to non-affirmative cyber risk management, risk appetite and strategy”.
The PRA acknowledged insurers’ survey responses highlighting “challenging market conditions, broker pressure, and lack of historic data, models, and expertise as the main impediments for the prudential management of cyber underwriting risk”.
But it added: “We appreciate these challenges but do not believe they are insurmountable.
“The responsibility is on firms to progress their work and fully align with the expectations set out in SS4/17.”
PRA said insurers “should develop an action plan by H1 2019 with clear milestones and dates by which action will be taken” to reduce the unintended exposure to non-affirmative cyber risk.
The PRA said that its supervisors may ask to review these plans and subsequent progress.
In the second half of 2019, the regulator said it plans to provide further, targeted feedback to surveyed firms, arrange meetings with individual firms by the end of Q1 2019, and co-ordinate with Lloyd’s to agree any follow-up actions in relation to Lloyd’s managing agents.
The PRA intends to carry out sample deep-dive reviews at other firms (not necessarily those in our initial sample) in H2 2019 to assess how these firms are meeting the expectations set out in SS4/17.
“We will continue to keep this subject under review in the light of the progress firms make on these outstanding areas. Depending on progress, we will consider whether any further steps are appropriate in due course, such as potential revisions or additions to SS4/17,” the letter concluded.
Already registered?
Login to your account
If you don't have a login or your access has expired, you will need to purchase a subscription to gain access to this article, including all our online content.
For more information on individual annual subscriptions for full paid access and corporate subscription options please contact us.
To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.
For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Elliot Field at efield@newtonmedia.co.uk or Adrian Tapping at atapping@newtonmedia.co.uk
Editor's picks
Editor's picks
More articles
Copyright © intelligentinsurer.com 2024 | Headless Content Management with Blaze