Supervisory statement on the management of non-affirmative cyber exposures

The frequency and sophistication of cyber incidents in the financial sector has increased substantially over the course of the last few years, as economic and financial activities have been heavily digitalised.

Against this backdrop, EIOPA recommends NCAs to dedicate higher attention to the supervision of cyber underwriting risk, in particular to (re)insurance undertakings that have potentially significant exposure to non-affirmative cyber insurance risk and to those who have not yet developed a plan to identify and manage non-affirmative cyber underwriting risk, including tailored considerations regarding the specificities of the multiple Lines of Business and products impacted.