On February 4, 2021, New York’s Department of Financial Services (DFS) issued Insurance Circular Letter No. 2, which builds on the robust cybersecurity regulation provided in its 2017 Cybersecurity Regulation (23 NYCRR 500). The Letter discusses the current state of the cyber insurance industry and provides a seven-part Cyber Insurance Risk Framework which may assist insurers to assess and control cyber risk. Many of the Framework’s tools may also be useful to other types of businesses.
According to the Letter, cyber insurance plays a key role in managing and reducing cyber risk. Although a relatively new area of insurance, the market is projected to grow from $3.15 billion to over $20 billion by 2025. Additionally, insurance coverage for cyber incidences is frequently sought under non-cyber policies. This results in what is referred to as “non-affirmative” or “silent risks” that insurers may not consider when underwriting non-cyber policies. For this reason, DFS opines that the amount of premium dollars paid for cyber insurance may not correlate with insurers’ cyber risk, which DFS believes has been grossly underestimated. DFS therefore recommends that even…
