OECD releases policy recommendations for cyber risk management
The Organisation for Economic Co-operation and Development (OECD) has released a report that provides ‘a series of policy recommendations aimed at enhancing the contribution of the cyber insurance market to managing increasingly prevalent risk’.
The report, based on questionnaire responses culled from insurers, reinsurers, and brokers active in the global market, as well as the ministries of finance and insurance regulators responsible for overseeing that market, identifies the growing cyber risk and insurance’s contribution to cyber risk management.
It discusses such issues as data confidentiality, system malfunction, data integrity and availability and what happens when there is malicious activity. It also looks at the cyber insurance market as a stand-alone market as well as coverage for cyber-related losses in existing (traditional) policies.
The report also addresses challenges to the cyber insurance market and cyber insurability, and discusses how to support the cyber insurance market through better policies and regulation.
The key findings include:
- Insurance can contribute to improving the management of cyber risk and should be considered an essential component of countries’ strategies for addressing digital security risk.
- The policy, legal, and regulatory framework can have important implications for how much information on cyber incidents is made available and therefore the level of uncertainty when underwriting cyber risk.
- The lack of data on cyber incidents is a significant impediment to the management of cyber risk, including the transfer of cyber exposures to insurance markets. Greater public-private collaboration will be required to overcome this obstacle.
- The insurance market, including re/insurance companies, brokers, and relevant associations, has an important role to play in providing greater clarity about the coverage available for cyber risk and which policies provide that coverage.
- There is significant concern about the potential for accumulated losses as a result of an incident with sizeable impacts on a large number of policyholders. Governments should develop strategies for managing the potential financial impacts of a catastrophic cyber event, taking into account the guidance provided in the OECD Recommendation on Disaster Risk Financing Strategies.
- Leveraging its expertise in insurance and digital security risk management, the OECD can contribute to helping governments overcome challenges to the development of the cyber insurance market, including through additional research in the areas identified in the report.
A PDF of the report is available for download here.