OECD: Insurance can cause cyber risk management
The insurance market, including reinsurance companies, brokers and relevant associations have an important role to play in providing greater clarity about the coverage available for cyber risk and which policies provide that coverage, according to the Organisation for Economic Co-operation and Development (OECD).
OECD has published ‘Enhancing the Role of Insurance in Cyber Risk Management’ that provides a series of policy recommendations aimed at enhancing the contribution of the cyber insurance market to managing this increasingly prevalent risk.
The report was prepared by OECD based on questionnaire responses received from the re/insurance companies and brokers active in this market globally and the ministries of finance and insurance regulators responsible for overseeing that market. Responses were received from 58 public and private sector organisations from 32 countries.
It provides an overview of the financial impact of cyber incidents, the coverage of cyber risk available in the insurance market, the challenges to market development and initiatives to address those challenges.
It includes a number of policy recommendations which support the development of the cyber insurance market and contribute to improving the management of cyber risk.
The key findings of the report include:
-Insurance can contribute to improving the management of cyber risk and should be considered an essential component of countries strategies for addressing digital security risks.
-The policy, legal and regulatory framework can have important implications for how much information on cyber incidents is made available and therefore the level of uncertainty when underwriting cyber risk.
-The lack of data on cyber incidents is a significant impediment to the management of cyber risk, including the transfer of cyber exposures to insurance markets. Greater public-private collaboration will be required to overcome this obstacle.
-The insurance market, including re/insurance companies, brokers and relevant associations, have an important role to play in providing greater clarity above the coverage available for cyber risk and which policies provide that coverage.
-There is significant concern about the potential for accumulated losses as a result of an incident with sizeable impacts on a large number of policyholders.