EIOPA has published a strategy document aimed at setting out guidelines for the convergence of market rules on cyber/AI underwriting. EIOPA says this will promote appropriate cyber underwriting and cyber risk management practices by industry, as well as good supervisory practices. EIOPA will also promote adequate assessment and mitigation tools to address potential systemic cyber and extreme risks.
The plan has been developed according to a risk-based approach and in close cooperation with national supervisors. It is a strategic tool that supports EIOPA in its goal to build a European common supervisory culture.
Some of the interesting extracts from the EIOPA plans include the following:
Adequate assessment and mitigation tools to address potential systemic cyber and extreme risks.
Cyber risk is increasingly seen as a potentially systemic risk for the financial system and the real economy. The threat of systemic risk events coming from cyber incidents might require responses from both the government and the industry to provide adequate insurance capacity in support of the real economy.
It is therefore important to continue to assess and monitor the extent of potential systemic cyber events and whether some risks could become uninsurable in the future, which may hamper the real economy.
A mutual understanding of contractual definitions, conditions and terms, for both policyholders and insurance undertakings.
Clear and transparent cyber coverages are crucial from a consumer protection perspective. It is the role of industry and consumers associations to provide this clarity and align expectations on cyber insurance coverages to avoid the potential for coverage disputes and costly litigation.
The European Commission and EU institutions (including EIOPA), on the other side, could promote and act as an accelerator of this process towards greater transparency and improved mutual understanding.
EIOPA to continue organising workshops to promote on-going dialogue between industry and consumers and to engage with different stakeholders as needed (e.g. FERMA) to promote a more active dialogue with the industry. This should support a better understanding of potentially diverging underwriting practices, raise awareness on cyber security for the demand side, identify areas for improvement and promote good practices in providing cyber coverages, in line with the ENISA findings and recommendations for cyber insurance (2016 and 2017).
EIOPA to continue to monitor market developments and promote good practices if needed from a consumer protection perspective. Such areas could for instance include the transparency of coverages, exceptions for “cyber warfare” and/or distinctions between malicious/non-malicious coverages.