août 26 2024

US NAIC Summer 2024 National Meeting Highlights: Cybersecurity (H) Working Group

Share

On August 14, 2024, the Cybersecurity (H) Working Group (“CWG”) of the Innovation, Cybersecurity and Technology (H) Committee met at the Summer 2024 National Meeting of the US National Association of Insurance Commissioners (“NAIC”). In addition to routine matters, such as the adoption of the CWG’s July 9 meeting minutes, the meeting covered the following matters. 

The State of the Cyber Insurance Market

The CWG hosted an industry panel discussion on “The State of the Cyber Insurance Market: Trends, Challenges, and Opportunities,” moderated by Jon Godfread, the North Dakota Insurance Commissioner. The discussion covered the evolving cyber insurance market, including underwriting innovations, cyber risk mitigation, coverage developments and regulatory support. 

Market Trends

The panelists noted that the cyber insurance market has quickly developed in recent years. Some of the market trends highlighted included the following:

  • The pricing environment has become more competitive as new cyber insurance providers have entered the market.
  • Coverage has become more complicated and comprehensive. There have been pricing developments, such as the use of coinsurance. There have also been developments in the types of coverage offered, such as coverage of ransomware.
  • The underwriting process has become more sophisticated and additional technologies have been deployed to support the underwriting process.
  • There has been an increased focus recently on risk mitigation and engaging with insureds in a consultative way to try and prevent cybersecurity incidents from happening in the first place.
  • The importance of cyber education has increased for both insureds and capacity providers, such as reinsurers.
“Off-the-Shelf” Cyber Policies

During the discussion, a CWG member asked whether “off-the-shelf” cyber coverage exists or is feasible. A panelist explained that there is currently no universal off-the-shelf policy. Cyber policies need to be carefully underwritten and crafted to the individual policyholder’s needs. A small subset of insurers currently offers robust policy templates that require less refinement than others, but such policies are not available consistently across all industry verticals, and there remains significant variance to be addressed. Industry panelists and CWG members expressed agreement that standardized, off-the-shelf cyber coverage is increasingly feasible, but significant gaps remain. 

Artificial Intelligence

The panelists and CWG members discussed artificial intelligence (“AI”) and its current and anticipated implications for cyber insurance and for cyber incidents more generally. An industry panelist explained that advancements in AI, as with many commercial applications, enable threat actors to scale their operations and conduct more widescale attacks. One example provided was ransomware attacks in Japan, which have become easier to conduct with the advent of language translation by AI, whereas threat actors previously had been limited in their ability to communicate in Japanese. The panelist noted that AI has also led to advances in defense against cyber-attacks.

Cyber War Exclusions and Cyber-Attack Coverage

CWG members and industry panelists discussed the industry response to an August 2022 bulletin issued by Lloyd’s of London outlining guidelines for state-action and cyber-terrorism exclusions with which Lloyd’s market participants were expected to comply by March 2023. The Lloyd’s Market Association has now identified approximately 40 different cyber war exclusion clauses that comply with the bulletin. The industry panelists observed that the presence of cyber war exclusions has become normalized and most policyholders are now willing to accept the inclusion of a cyber war exclusion clause in their cyber policies. CWG members also asked about the viability of a federal cyber backstop, and the industry panelists responded that the industry is working through this issue.

Regulatory Support

Industry panelists highlighted the need for openness from insurance regulators regarding innovation in the cyber insurance space. They also noted the need for insurance regulators to remain aware of the ever-evolving nature of cyber risk, and to maintain a proper understanding of the product.

To view additional updates from the US NAIC Summer 2024 National Meeting, visit our meeting highlights page.

Compétences et Secteurs liés

Stay Up To Date With Our Insights

See how we use a multidisciplinary, integrated approach to meet our clients' needs.
Subscribe