February 26, 2019

While speaking at the Third Annual Fintech and Regulation Conference in Brussels, the EIOPA Chair Gabriel Bernardino discussed what EIOPA is doing and what should be done to cope with the challenges posed by cyber risk at a global level. He opines that these risks affect the insurance sector on two levels: the first involves the security of the insurance business and the second relates to the role of insurance in covering and managing cyber risk.

Mr. Bernardino believes that a well-developed cyber insurance market can help to raise awareness of businesses to the risks and losses that can result from cyber-attacks; to share knowledge of good cyber risk management practices; to encourage risk reduction investment by establishing risk-based premiums; and to facilitate responses to, and recovery from, cyber-attacks. The future demand for coverage of this kind will depend, to a large extent, on both the frequency of high-profile cyber incidents and legislative developments in relation to personal data protection. In this context, the implementation of the data protection regulation in EU may lead to a significant growth in cyber risk insurance, with estimates suggesting that there may be parity between the EU and U.S. markets in coming years. Although coverage of cyber risk by insurers is still in its infancy, most of the market is concentrated in the United States. Growth in this market, however, has been significant, with the current forecasts suggesting that premiums may reach USD 20 billion in 2025.

He added that EIOPA has been monitoring developments in the cyber insurance market for some time. Last year, EIOPA published a report titled "Understanding cyber insurance" based on a structured dialog with insurance companies across Europe. Through this dialog, EIOPA identified a number of issues relevant to the cyber insurance market in Europe. It was found that the cyber insurance industry expects a gradual increase in demand for insurance, mainly driven by new regulation, the increase in cyber risk related incidents, increased awareness of risks, and the increased frequency and severity of cyber attacks. Regulation may be welcomed by the industry in a moderate fashion, as it could help to address some of the identified challenges.

He also added that EIOPA took into account its work and these findings in the development of our supervisory convergence plan for 2018–2019. In this plan, cyber risk is identified as a priority under the supervision of emerging risks. As part of the activities in this field, EIOPA will develop guidelines regarding Information & Communication Technologies (ICT), security and governance, including cyber resilience, and will further develop supervisory practices that seek to assess information system resilience, cyber risk vulnerability, and the insurance industry’s use of big data. EIOPA will also look into an efficient way of carrying out stress tests on the resilience of the insurance sector to cyber-attacks. It is clear that cyber insurance affects countries worldwide, not just in Europe. Issues related to cyber security and cyber risk are, therefore, one of the three priorities of the EU-U.S. Insurance Project, in which EIOPA plays a leading role. He concluded that "This is a universal challenge! Everyone has to contribute to meet this challenge!"

 

Related Link: Speech (PDF)

Keywords: Europe, EU, Insurance, Cyber Risk, Regtech, Stress Testing, Guidelines, EIOPA

Related Articles
News

BCBS and IOSCO Extend Implementation of Final Phase of Margin Rules

BCBS and IOSCO agree to one-year extension of the final implementation phase of the margin requirements for non centrally cleared derivatives.

July 23, 2019 WebPage Regulatory News
News

APRA Proposes Stronger Remuneration Requirements in Australia

APRA is proposing to strengthen prudential requirements for remuneration across all APRA-regulated entities in the banking, insurance, and superannuation industries by issuing CPS 511, a new prudential standard on remuneration.

July 23, 2019 WebPage Regulatory News
News

PRA Consults on Availability of Group Own Funds Under Solvency II

PRA published a consultation paper (CP16/19) that sets out its proposed approach to the determination of the availability of subordinated liabilities and preference shares in group own funds.

July 22, 2019 WebPage Regulatory News
News

EIOPA Consults on Methodological Principles for Insurer Stress Testing

EIOPA published a discussion paper on the methodological principles for stress testing the insurance sector in EU.

July 22, 2019 WebPage Regulatory News
News

US Agencies Adopt Rule to Exclude Community Banks from Volcker Rule

US Agencies (CFTC, FDIC, FED, OCC, and SEC) adopted a final rule to exclude community banks from the Volcker Rule, in line with amendments to certain sections of the Economic Growth, Regulatory Relief, and Consumer Protection (EGRRCP) Act.

July 22, 2019 WebPage Regulatory News
News

US Agencies Adopt Amendments to Simplify Regulatory Capital Rules

US Agencies (FDIC, FED, and OCC) adopted a final rule that reduces regulatory burden by simplifying several requirements in the regulatory capital rules for banks.

July 22, 2019 WebPage Regulatory News
News

IA of Hong Kong Delegates Inspection and Investigation Powers to HKMA

HKMA and IA of Hong Kong jointly issued a statement announcing the delegation of the inspection and investigation powers of IA to HKMA, pursuant to the statutory regulatory regime for insurance intermediaries under the Insurance Ordinance.

July 19, 2019 WebPage Regulatory News
News

FSB Extends Implementation Timeline for Policy Recommendations on SFTs

FSB announced adjustments to the implementation timelines for its recommendations on securities financing transactions (SFTs), specifically those related to the minimum haircut standards for non-centrally cleared SFTs.

July 19, 2019 WebPage Regulatory News
News

EBA Single Rulebook Q&A: Third Update for July 2019

EBA published answers to six questions under the Single Rulebook question and answer (Q&A) tool this week.

July 19, 2019 WebPage Regulatory News
News

EBA Report Assesses Regulatory Framework for Fintech Activities

EBA published the findings of its analysis on the regulatory framework applicable to fintech firms when accessing the market.

July 18, 2019 WebPage Regulatory News
RESULTS 1 - 10 OF 3494