1. There are rising incidences of cyber attacks along with a growing number of high profile data breaches. The online exposures for individuals, business organizations, offices and other establishments continue to increase more so in the current pandemic situation. The Authority had, therefore, constituted a working group with a focus to examine the possibility of bringing standardisation of Cyber Liability Insurance policy wording.
2. The Working Group, after conducting wide consultations with various stakeholders, and after internal deliberations concluded that standardisation of policy wording is not desirable at this juncture keeping in view of the evolving nature of legislative frameworks in dealing with cyber risk, fast growing digital ecosystem, increasing interconnectedness globally and complexity of IT systems and emergence of new risks.
3. However, it is advised that general insurers may be guided by the model policy wordings for Personal Cyber Insurance cover and common reference framework provided on cyber insurance policies and coverages given in the document attached to this circular.
4. The main objectives of the guidance document on product structure for Cyber Insurance are;
a) to enable insurers to evaluate new technologies posing heightened cyber risk, identify protection gaps in the existing products and address the changing needs of the market.
b) to facilitate insurers in developing stand-alone cyber insurance products, specifically designed to address the evolving cyber risks.
c) to provide a set of recommendations on maximum possible coverages that could be included in the cyber insurance products.
d) to encourage insurers to adopt best practices and provide additional covers in response to customer needs.
e) to improve the development of the cyber insurance market with new products and enhance benefits for policyholders.
5. General insurers who have already developed some cyber insurance products with exclusive coverage for individuals to protect against cyber perils and currently offering the products that mainly focused on commercial business, may review the product structure based on the coverages advocated in the document. The filing of such products may be undertaken at the earliest to respond to the needs of customers who are increasingly exposed to the cyber threat of digital services.
6. The general insurers can also expand the scope of cyber risks included in the traditional policies for the benefits of policyholders. However, the insurers may be mindful of overlapping coverages in cyber insurance policies and other types of insurance policies currently covering cyber risk with limited scope.
7. Considering the demand for new cyber insurance products due to the dynamic nature of cyber-attacks and novel challenges, the general insurers shall continuously endeavour to design tailor-made products referring to model policy wordings and guidance provided in the document. The above objectives should be implemented by insurers in a manner that is fair and useful to policyholders.
8. It may be noted that the model product structure and suggested insurance coverages brought out in the guidance documents are indicative and not intended to be an exhaustive list of requirements. In addition to the common reference framework contained in the document, it is equally important for insurers to consider the emerging insurable cyber perils and provide to customers a core insurance protection against cyber risks.
Please acknowledge this circular and confirm having noted its contents.