Follow Us

Follow us on Twitter  Follow us on LinkedIn
 

18 January 2019

GFIA comments on the OECD Insurance and Private Pensions Committee’s (IPPC) next steps on cyber issues


GFIA appreciates its engagement with the OECD to date and would like to renew its commitment to working with the OECD on its new cyber insurance project to review legislative and regulatory impacts on cyber insurance coverage.

The cyber insurance market is an important resiliency tool with many ancillary benefits. Every year the market continues to grow responsibly as insurers innovate and address consumer needs and market demands.  

There are challenges to market growth, which the industry continually monitors and works to overcome. Among these challenges are educational and awareness gaps, a risk landscape that is continually evolving and a need for more data. IPPC members may want to consider reviewing the broader cybersecurity landscape to review how policy and regulation can support open market penetration through greater cyber risk awareness, data sharing and information sharing.   

As noted in the OECD consultation document, there is international confusion as to the insurability of fines and penalties. OECD work to clarify this issue would benefit consumer and insurer contract certainty.  

As to the scope of the project, GFIA is of the view that beginning with an understanding of the importance of open, growing cyber insurance markets will lead to a balanced project focused on addressing the challenges to market growth, which is preferable to outcomes on regulatory strategies or best practices. Importantly, in addition to the questionnaire, the project scope indicates that there will be consultations to understand the implications and impact of legislation and regulation, which is an important methodology element for this analysis.  

GFIA suggests the following questions regarding how legislation and regulation may affect bringing products to market (i.e filing/product approval requirements and data issues). Potential questions for the OECD to ask of members are:

  • Have regulatory or supervisory requirements or guidance that outline specific security measures had an effect on the insurance market? If yes, please describe the impact.
  • How do governmental authorities consider the effect of legislation and regulation on cyber markets? Do you conduct a cost/benefit analysis? Or consult with industry?
  • Are there any current or planned legislative, regulatory or supervisory requirements (imposed by the insurance supervisor or other authority) that alleviate procedural hurdles for bringing cyber insurance products to market?
  • Do governments support data/information sharing? If so, what policies and practices do they employ to do so?

Full position paper



© GFIA - Global Federation of Insurance Associations


< Next Previous >
Key
 Hover over the blue highlighted text to view the acronym meaning
Hover over these icons for more information



Add new comment