Reinsurance News

PRA calls for silent cyber action from Lloyd’s, UK insurers

31st January 2019 - Author: Charlie Wood

The Prudential Regulation Authority (PRA) believes Lloyd’s and the wider UK insurance industry can do more to ensure the effective management of affirmative and non-affirmative (silent) cyber risk exposures, ordering firms to develop an action plan in the first half of 2019, with clear milestones and dates by which action will be taken.

cyber securityThe PRA conducted a survey last year with firms of varying size and says the results show that, although some work has been done, more ground needs to be covered by firms especially in relation to non-affirmative cyber risk management, risk appetite and strategy.

Firms almost all agreed that a number of traditional lines of business have considerable exposure to non-affirmative cyber risk.

However, there was significant divergence in firms’ views of the potential exposure within Property, Marine, Aviation and Transport (MAT), and Miscellaneous lines. Firms estimated their exposure to non-affirmative cyber risk on these lines to be anywhere between zero and the full limits.

The PRA says some of the variation between firms may be explained by differences in the underlying portfolios and the extent to which firms have felt able to introduce sufficiently robust exclusions and/or limits.


However, much of the divergence is likely to be reflective of differences in firms’ perception of risk. This suggests that some firms should give further thought to the potential for cyber exposure within these specific portfolios.

In relation to affirmative cyber, survey results and further market intelligence point to a material widening of coverage for cyber insurance products.

Three particular examples highlighted include coverage for business interruption (BI), contingent business interruption (CBI), and reputational damage.

Firms’ submissions of cyber stress tests (excluding non-affirmative cyber) suggested that gross losses could run in the multiples of annual cyber premiums.

There was also significant divergence on the resulting losses among firms. This, the PRA says, underlines the large uncertainty in cyber, the lack of reliable claims data and the immaturity of available models with potential links to capital adequacy.

The PRA says it has engaged with several regulatory authorities and international forums to develop a coordinated approach in the cyber field and have been encouraged by the level of interest and engagement shown

Firms reported challenging market conditions, broker pressure, and lack of historic data, models, and expertise as the main impediments for the prudential management of cyber underwriting risk. However, The PRA does not believe they are insurmountable.

Over the rest of the year the PRA plans to provide further, targeted feedback to surveyed firms, arrange meetings with individual surveyed firms by the end of Q1 2019, and coordinate with Lloyd’s to agree any follow-up actions in relation to Lloyd’s managing agents.

Print Friendly, PDF & Email

Recent Reinsurance News

Getting your daily reinsurance news from Reinsurance News is a simple way to receive only the reinsurance industry news that matters, delivered directly to your email inbox.

  • Only email is mandatory, but the more you tell us about yourself the better we can serve you in future!
  • This field is for validation purposes and should be left unchanged.

By submitting the form you are giving your consent to be emailed by us.

Read previous post:
WTW appoints Bowser to lead life insurance consulting team

The risk advisory and broking firm Willis Towers Watson (WTW) has appointed Marcus Bowser to lead its Life Insurance Consulting...