EU insurers and insurance associations are increasingly taking actions to reduce the industry’s exposure to non-affirmative cyber risks — risks that are neither expressly covered nor excluded from property and liability insurance policies.

In a response submitted yesterday to a consultation by the European Insurance and Occupational Pensions Authority (EIOPA) on a draft supervisory statement on the management of non-affirmative cyber exposures, Insurance Europe highlights that reducing exposure to non-affirmative cyber risks through a better understanding of them may free up capacity to write affirmative cyber cover. Nevertheless, challenges to the insurability of cyber risks are likely to remain due to the high potential for risk accumulation and to the speed at which the threat landscape is evolving.

In its response, Insurance Europe sets out its support for EIOPA’s proposal to develop high-level principles for the management of non-affirmative cyber exposures.