Cyber insurance underwriting

Helping boards create supervisory confidence

This report takes a practical look at how senior insurance leaders can respond to risks posed by their firms’ cyber underwriting exposures, including silent cyber, in view of heightened scrutiny of these risks by regulators and supervisors. It includes key risks and actions for firms, practical steps to address some of the challenges posed by cyber risk, questions board members can use to challenge their organisation’s approach, and positive and negative indicators that supervisors may look for as they evaluate insurers’ management of cyber underwriting risk.

Cyber insurance has come under increasing regulatory scrutiny as a result of the rapid growth of the market and the uncertainty of expected losses against which firms have to reserve and hold capital. This report looks at key areas of risks that insurers are likely to face, and how they can create supervisory confidence in their management of these.

Key risks faced by insurers:

Identifying and managing silent cyber risk - Supervisors are concerned that insurers may be unaware of the full extent and nature of their cyber exposures. Therefore, insurers need to identify, quantify, and manage their cyber exposures in line with regulatory expectations.

Managing modelling and data risks - To address supervisory concerns, insurers will need to demonstrate the robustness of their approach to modelling cyber risks and that strong model risk management is applied to meet the specific challenges of modelling cyber risks.

Managing tail risks - Supervisors are concerned that firms may find it challenging to manage their exposures to low-probability, high-impact events. Therefore, firms will have to demonstrate that they understand and can manage effectively their peak and accumulation risks, and that their reinsurance arrangements will work as intended and reflect the board’s risk appetite.


Download the report to understand key risks and possible actions for firms to manage cyber underwriting risks.

Did you find this useful?