ENISA publishes recommendations on cyber insurance

The European Union Agency for Network and Information Security (ENISA) has published a report on the commonality of risk assessment language in cyber insurance. ENISA comments on the growth of the cyber insurance market and its anticipated further expansion as a result of the General Data Protection Regulation and the Directive on Network and Information Security, but reports on the lack of harmonisation of risk assessment language.

The report includes a discussion of the following:

  • an overview of the cyber insurance market building blocks, including the underwriting methods and coverage types;
  • the main elements influencing the risk assessment language, i.e. standards, coverage types and underwriting questionnaires, and an analysis of their harmonisation based on a sample of policies and questionnaires;
  • current industry practices in terms of coverage and underwriting methods, based mainly on interview feedback, and their links to language harmonisation;
  • an analysis of market dynamics towards market maturity and language harmonisation, including incentives, barriers and key drivers; and
  • two sets of recommendations, one towards the industry and one towards policy makers.