PRA has published a policy statement and supervisory statement on cyber insurance underwriting risk. The statements are relevant to all UK non-life insurance and reinsurance firms and groups within the scope of Solvency II including Lloyd’s and managing agents. The supervisory statement sets out PRA’s final expectations regarding the prudent management of cyber underwriting risk, which relate to three broad areas:
- non-affirmative cyber risk (insurance policies that do not explicitly include or exclude coverage for cyber risk);
- cyber risk strategy and risk appetite; and
- cyber expertise.