Skip to main content
Featured Topics
Featured Insights
View All Services
View All Industries
About Us Overview
    • Home
    • Insights
    • US NAIC Summer 2024 National Meeting Highlights: Cybersecurity (H) Working Group
      August 26, 2024

      US NAIC Summer 2024 National Meeting Highlights: Cybersecurity (H) Working Group

      Authors:
      Generate PDF
      Share

      On August 14, 2024, the Cybersecurity (H) Working Group (“CWG”) of the Innovation, Cybersecurity and Technology (H) Committee met at the Summer 2024 National Meeting of the US National Association of Insurance Commissioners (“NAIC”). In addition to routine matters, such as the adoption of the CWG’s July 9 meeting minutes, the meeting covered the following matters. 

      The State of the Cyber Insurance Market

      The CWG hosted an industry panel discussion on “The State of the Cyber Insurance Market: Trends, Challenges, and Opportunities,” moderated by Jon Godfread, the North Dakota Insurance Commissioner. The discussion covered the evolving cyber insurance market, including underwriting innovations, cyber risk mitigation, coverage developments and regulatory support. 

      Market Trends

      The panelists noted that the cyber insurance market has quickly developed in recent years. Some of the market trends highlighted included the following:

      • The pricing environment has become more competitive as new cyber insurance providers have entered the market.
      • Coverage has become more complicated and comprehensive. There have been pricing developments, such as the use of coinsurance. There have also been developments in the types of coverage offered, such as coverage of ransomware.
      • The underwriting process has become more sophisticated and additional technologies have been deployed to support the underwriting process.
      • There has been an increased focus recently on risk mitigation and engaging with insureds in a consultative way to try and prevent cybersecurity incidents from happening in the first place.
      • The importance of cyber education has increased for both insureds and capacity providers, such as reinsurers.
      “Off-the-Shelf” Cyber Policies

      During the discussion, a CWG member asked whether “off-the-shelf” cyber coverage exists or is feasible. A panelist explained that there is currently no universal off-the-shelf policy. Cyber policies need to be carefully underwritten and crafted to the individual policyholder’s needs. A small subset of insurers currently offers robust policy templates that require less refinement than others, but such policies are not available consistently across all industry verticals, and there remains significant variance to be addressed. Industry panelists and CWG members expressed agreement that standardized, off-the-shelf cyber coverage is increasingly feasible, but significant gaps remain. 

      Artificial Intelligence

      The panelists and CWG members discussed artificial intelligence (“AI”) and its current and anticipated implications for cyber insurance and for cyber incidents more generally. An industry panelist explained that advancements in AI, as with many commercial applications, enable threat actors to scale their operations and conduct more widescale attacks. One example provided was ransomware attacks in Japan, which have become easier to conduct with the advent of language translation by AI, whereas threat actors previously had been limited in their ability to communicate in Japanese. The panelist noted that AI has also led to advances in defense against cyber-attacks.

      Cyber War Exclusions and Cyber-Attack Coverage

      CWG members and industry panelists discussed the industry response to an August 2022 bulletin issued by Lloyd’s of London outlining guidelines for state-action and cyber-terrorism exclusions with which Lloyd’s market participants were expected to comply by March 2023. The Lloyd’s Market Association has now identified approximately 40 different cyber war exclusion clauses that comply with the bulletin. The industry panelists observed that the presence of cyber war exclusions has become normalized and most policyholders are now willing to accept the inclusion of a cyber war exclusion clause in their cyber policies. CWG members also asked about the viability of a federal cyber backstop, and the industry panelists responded that the industry is working through this issue.

      Regulatory Support

      Industry panelists highlighted the need for openness from insurance regulators regarding innovation in the cyber insurance space. They also noted the need for insurance regulators to remain aware of the ever-evolving nature of cyber risk, and to maintain a proper understanding of the product.

      To view additional updates from the US NAIC Summer 2024 National Meeting, visit our meeting highlights page.

      Authors

      Related Content

      Related Services & Industries

      Stay Up To Date With Our Insights

      See how we use a multidisciplinary, integrated approach to meet our clients' needs.
      Subscribe

      Follow us

      © 2024 Mayer Brown

       

       

      Mayer Brown is a global services provider comprising associated legal practices that are separate entities, including Mayer Brown LLP (Illinois, USA), Mayer Brown International LLP (England & Wales), Mayer Brown (a Hong Kong partnership) and Tauil & Chequer Advogados (a Brazilian law partnership) and non-legal service providers, which provide consultancy services (collectively, the “Mayer Brown Practices”). The Mayer Brown Practices are established in various jurisdictions and may be a legal person or a partnership. PK Wong & Nair LLC (“PKWN”) is the constituent Singapore law practice of our licensed joint law venture in Singapore, Mayer Brown PK Wong & Nair Pte. Ltd. Details of the individual Mayer Brown Practices and PKWN can be found in the Legal Notices section of our website.

      “Mayer Brown” and the Mayer Brown logo are trademarks of Mayer Brown.

      Attorney Advertising. Prior results do not guarantee a similar outcome.