On Thursday, the New York State Department of Financial Services issued cyber insurance to all real estate / accident insurance companies doing business in the state.
In the guide, the regulator recommends New York-regulated real estate / accident insurance companies that offer cyber coverage. to establish a formal strategy for measuring cyber insurance risk that is managed and approved by their board or other governing body.
This strategy should be proportionate to the risk of each insurer based on its size, resources, geographical distribution and other factors, the Financial Services Department said.
It is also recommended not to make redemption payments. Cyber insurance is crucial to managing and reducing the extraordinary risk we face from cyber intrusion, New York State Department of Financial Services Superintendent Linda Lacewell said in a statement.
"After extensive dialogue with industry and experts, we provide guidance to promote the growth of a robust cyber insurance market that can effectively help us protect ourselves against the growing cyber threats we face," says Lacewell.
The so-called cyber insurance risk framework prepared by the regulator especially urges insurers. to manage and eliminate exposure to "silent" cyber insurance risk.
"Because tacit risk can exist in many different types of insurance, even insurance companies that write little or no cyber insurance need to measure and manage tacit risk in their non-cyber insurance," Lacewell said in the guide.
The framework also advises insurers
"In addition to the overall rising costs, insurers must take into account the systemic risk that arises when a widespread cyber incident injures many insureds at the same time, which could potentially worsen insurers with large losses," says the Guide. , the benefits and limitations of cyber insurance. "an increase in ransomware attacks and the Solar Winds-based cyber espionage campaign.
In the guide, the department states that it has evaluated the effects of the SolarWinds compromise and appreciates" industry involvement in this process. "
" Although this cyber campaign seems to have been targeted d on espionage and non-destructive attacks, given the number of organizations involved the total remediation costs are likely to be significant, "Lacewell said in the guidance.
Although cyber insurance is a relatively new business area for most insurance companies, it has grown rapidly, the regulator said.