The Prudential Regulation Authority (PRA) has warned company CEOs that underwriters are committing “material shortcomings” when managing a so-called “silent” cyber risk.
In a consultation paper published this month, the PRA said it has “significant concerns” about the loss potential of “silent” cyber risk, which refers to exposures within traditional insurance policies that do not explicitly exclude cyber risk.
The regulator, which conducted a thematic study of re/insurance firms, said that companies do not currently have clear strategies and risk appetites for managing the “silent” cyber risk.
“The PRA’s work found an almost universal acknowledgement of the loss potential of cyber exposures endemic in ‘silent cyber’,” the watchdog said in a letter addressed to company CEOs.
“However, most firms did not demonstrate robust methods for quantifying and managing ‘silent’ cyber risk,” the PRA added.
The industry watchdog warned that the potential for a significant “silent” cyber insurance loss is increasing with time.
According to the PRA, casualty, marine, aviation and transport lines of business are potentially exposed to “silent” cyber losses.
The PRA is advising companies to equip themselves with the ability to monitor, manage and mitigate “silent” cyber risk effectively.
Firms exposed to the “silent” cyber risk should also have an overall strategy and associated risk appetite statements that are reviewed on a regular basis, the PRA said.
Related stories:
“Cyber is a buzzword” – says Ed CIO
Inga Beale: Cyber insurance to be a “must buy”
