Question ID: 2973
Regulation Reference: (EU) 2023/894 - ITS with regard to the templates for the submission of information necessary for supervision
Topic: Reporting Templates
Template: S.14.03
Status: Final
Date of submission: 07 Feb 2024
Question
Would EIOPA consider the following to be within the definition of “cyber risks underwritten” as defined in the instructions for completing form S.14.03: a policy for which the primary cover is not cyber and cyber was not bought as a specific add-on, but for which there may be unintended exposure in the case of a cyber-related event.
EIOPA answer
If an undertaking identifies the cyber coverage, it should apply good risk management practices and isolate the cyber coverage as an add-on to main product. If the cyber coverage is recognised, it should not be regarded as a form of silent cyber coverage.