The PRA’s letter on cyber underwriting: ignore “silent” cyber exposures at your peril

The PRA has written to insurance firms highlighting its concerns about both “affirmative” cyber cover and “non-affirmative” (or silent) cyber exposure.

An increased focus on and awareness of cyber risk in recent years has led to the expansion of the market for insurance cover for cyber losses. Many insurers now have specialist products which cover cyber risks, but in addition to this “affirmative” cyber cover, there is a concern that some traditional liability policies inadvertently provide cover for such losses (ie silent or non-affirmative cyber cover).

The Prudential Regulation Authority (PRA) conducted a survey of firms’ cyber underwriting prices during 2018, and on 30 January 2019, the PRA wrote a letter to Chief Executives of general insurance firms, summarising the findings of its survey. In particular:

  • The PRA raises several concerns regarding the market for “affirmative” (ie deliberately written) cyber cover, including that many insurers appear not to have adjusted their practices (eg in relation to pricing) to reflect the nature of cyber risk.
  • The PRA’s letter indicates serious concerns regarding the potential scale of “silent” cyber cover losses, as the survey results suggest that many insurers have not ascertained their exposure to “non-affirmative” or “silent” cyber cover.
  • The PRA is also critical of insurers’ claims-handling processes, which it has found to be too inflexible to allow for appropriate handling of instances of “silent” cyber.

We discuss the most important considerations for insurers arising from the PRA’s letter more fully here.

This document (and any information accessed through links in this document) is provided for information purposes only and does not constitute legal advice. Professional legal advice should be obtained before taking or refraining from any action as a result of the contents of this document.