On February 4, the New York Department of Financial Services (NYDFS) released Insurance Circular Letter No. 2 (2021), a Cyber Insurance Risk Framework (Framework) for insurers that write cyber insurance.
The Framework identifies best practices that property/casualty insurers “should employ” to manage cyber insurance risk and raises a number of issues relevant to multiple stakeholders including policyholders who rely on insurance as part of their cyber risk management strategy.
At its core the Framework is designed to address systemic risk to cyber insurers. But while NYDFS states that the Framework is directed to cyber insurers, those insurers that do not write cyber policies should assess and apply the Framework as relevant to “silent risk” they carry from non-cyber policies that may provide coverage for cybersecurity-related losses.
To provide context for the new Framework, NYDFS identifies the need to address systemic risk in light of several key factors:
- the rapid expansion of cyber insurance in the marketplace, which in the United States is expected to grow from $3.15 billion in 2019 to more than $20 billion in 2025;
- challenges in pricing cyber risk…