The New York State Department of Financial Services (DFS) has issued new guidance highlighting best practices for New York-regulated property/casualty insurers writing cyber insurance.
The new Cyber Insurance Risk Framework, designed to support these insurers’ cyber insurance risk management efforts, is said to be the first guidance on cyber insurance by a watchdog in the US.
The regulator has directed these insurers to have a formal strategy for measuring cyber insurance risk.
The strategy should be cleared by the insurer’s board or other governing entity and should be proportionate to each insurer’s risk, based on factors such as its size, resources and geographic distribution, among others.
The watchdog has encouraged insurers to manage and remove exposure to “silent” cyber insurance risk, assess systemic risk, and measure insured risk using a data-driven approach to evaluate potential gaps and vulnerabilities in insureds’ cybersecurity.
At the same time, it has encouraged insurers to educate insureds and insurance producers regarding the value of cybersecurity measures, and require that insureds notify law enforcement in case of a cyber attack.
The guidance also directs insurers to secure cybersecurity expertise through strategic recruiting.
DFS superintendent Lacewell said: “Cybersecurity is the biggest risk for government and industry, bar none. Cyber insurance is critical to managing and reducing the extraordinary risk we face from cyber intrusions.
“After extensive dialogue with industry and experts, we are issuing guidance to foster the growth of a robust cyber insurance market that can effectively help protect us against the growing cyber threats we face.”
The move is in response to the significant rise in risk and cost related to cybercrime.
Last month, British insurance brokerage Willis Towers Watson launched two new cyber risk assessment services to help clients handle cyber risk better.