The European Insurance and Occupational Pensions Authority (EIOPA) published today its fourth paper in a series of papers on methodological principles of insurance stress testing. The paper focuses on the cyber risk component, and it is a further step in enhancing EIOPA’s bottom-up insurance stress testing framework.
The aim of the paper is to set the ground for an assessment of insurers’ financial resilience under severe but plausible cyber incident scenarios. The methodological principles cover insurers’ own cyber resilience and the vulnerabilities related to cyber underwriting risk. Overall, the principles should help in the design phase of future insurance stress tests with focus on cyber risks. Operational resilience testing, as required under the Digital Operational Resilience Act (DORA), is not in the scope of the current paper.
The principles are built on relevant and still evolving regulation and supervisory experience in this area. Hence, the proposed framework might evolve in the future to reflect developments in the assessment of cyber risks at European and global level.
The paper also took into account the feedback provided by stakeholders during the public consultation.
In 2019, EIOPA initiated a process to improve its methodology for bottom-up stress testing. The first paper of the series set out the methodological principles of insurance stress testing while the second paper focused specifically on methodological principles that can be used to design exercises assessing insurers’ vulnerability to liquidity shocks. The third paper outlined the methodological principles for stress testing of climate change risk.
- Publication date
- 11 July 2023