ABI, Lloyd’s unveil major cyber event framework to inform risk appetite and aggregationThe Association of British Insurers has published a paper in collaboration with Lloyd’s providing a guide for (re)insurers on how to approach defining a major cyber event.
Ferma calls for reduced EU cyber reporting burden as WTW underlines insurance implicationsThe Federation of European Risk Management Associations has called on EU institutions to simplify cyber reporting requirements and to consider the insurance implications of cyber-related legislation.
European regulators to form cybersecurity committeeA cohort of EU financial regulators have come together to create a cyber coordination body to govern and coordinate the response of insurers, banking institutions and capital markets in the event of a systemic cyber attack.
Climate risk, cybersecurity and regulatory review form latest Ferma manifestoThe Federation of European Risk Management Associations has emphasised bolstering cybersecurity, reducing the regulatory burden and ensuring access to insurance through the low-carbon transition in its new five-year policy manifesto.
Preparing for Canada’s proposed privacy legislationChris Pitcher, head of cyber for Arch Insurance Canada, answers key questions on the proposed Bill C-27 and how organisations can best position themselves for success.
CISA draft rules mark big shift in cyber regulatory landscapeNewly proposed Cybersecurity & Infrastructure Security Agency rules for reporting cybersecurity incidents add to the growing list of regulations that US businesses must comply with.
Wilson Elser’s Cvitanovic: Cyber breach disclosure rule changes “very much in flux”Wilson Elser’s Dominik Cvitanovic has said a “major focus” for cybersecurity lawyers and breach coaches is a wave of newly established breach notification rules adopted by US federal agencies that have put breach victims’ obligations “very much in flux”.
Chubb’s Greenberg: SEC’s cybersecurity rules “a bad idea” and “an overreach”The new US Securities and Exchange Commission rules requiring disclosure of material cybersecurity breaches are “unwise”, Chubb’s Evan Greenberg has commented, because they put pressure on companies to settle with attackers while providing a roadmap for other bad actors.
SEC cybersecurity regulations: Living in a “material” world for disclosureThe new Securities and Exchange Commission regulations on disclosing cybersecurity incidents will potentially lead to third-party claims, while also providing threat actors with another lever to pull during attacks.
Draft UK cyber governance code – a boon to cyber insurers?Matt Waller, head of underwriting, UK at Corvus Insurance, argues that the UK government’s draft addresses a fundamental component of good cybersecurity – buy-in from the very top.
TVSompo Intl’s DePiero: Loss development to deter cyber market from rate reductionsLoss development from 2023 in the cyber market should taper any further reductions in rate, according to Richard DePiero, EVP and head of Sompo Pro US at Sompo International.
FCA fines Equifax £11mn for mishandling of UK consumer data breachThe Financial Conduct Authority has handed an £11.16mn fine to consumer credit reporting agency Equifax Ltd for its failure to manage and monitor the security of UK consumer data outsourced to its US-based parent company, which was hit by a cybersecurity breach in 2017.
Corvus’ Waller welcomes FCA call for cyber wording consistencyEnsuring fair value and that customers understand the policies they are purchasing is essential for the evolution of a stable and sustainable cyber insurance market, according to Corvus Insurance’s Matthew Waller.
SEC adopts new rules on cybersecurity disclosureThe Securities and Exchange Commission has announced the adoption of rules that require US-listed companies to disclose cybersecurity incidents and make annual disclosures, in a move that may provide a source of securities class actions filings.
PRA to scrutinise uncertainty risk in cyber and aviation wordingsThe Bank of England has flagged concerns that contract uncertainty risk remains “elevated above usual levels” in the UK insurance market, with the regulator placing Russia-exposed aviation and cyber wordings under increased scrutiny.
BoE to demand cyber and property data under new SII reporting rulesThe Bank of England wants UK (re)insurers to report on cyber risk exposure and certain specialty non-life products, including property and business interruption insurance, in a series of changes designed to plug “gaps” in the regulator’s oversight.
Pool Re launches “cyber SWOT” review as UK Gov talks continuePool Re has launched a pan-industry review of catastrophic cyber risk as exploratory talks continue between the UK terrorism mutual and HM Treasury over whether its remit could be expanded to cover state-sponsored or war-related cyber attacks, The Insurer understands.
RPC: 2023 set to test cyber insurance exclusionsNew exclusions and restrictive language around the scope of cyber cover will be put to the test in 2023 as insurers attempt to navigate the “shadowy context” of cyber operations, according to law firm RPC.
Eiopa unveils strategic focus on ESG, protection gaps and cyberEurope’s insurance supervisor has pledged to step up its work on climate-related regulatory disclosures for firms under its supervision and focus on addressing existing protection gaps.