The European Union Agency for Network and Information Security (ENISA) has published a report on the commonality of risk assessment language in cyber insurance. ENISA comments on the growth of the cyber insurance market and its anticipated further expansion as a result of the General Data Protection Regulation and the Directive on Network and Information Security, but reports on the lack of harmonisation of risk assessment language.
The report includes a discussion of the following:
- an overview of the cyber insurance market building blocks, including the underwriting methods and coverage types;
- the main elements influencing the risk assessment language, i.e. standards, coverage types and underwriting questionnaires and analyses their harmonisation based on a sample of policies and questionnaires;
- current industry practices in terms of coverage and underwriting methods based mainly on interview feedback and links them to language harmonisation;
- an analysis of market dynamics towards market maturity and language harmonisation including incentive, barriers and key drivers; and
- two sets of recommendations, one towards the industry and one towards policy makers.