Brian Sims
Editor

ABI and Lloyd’s of London publish guidance on major cyber events

Posted to News on Wednesday, December 4, 2024 Share:

THE ASSOCIATION of British Insurers (ABI) and Lloyd’s of London have co-published a guide entitled ‘Components of a Major Cyber Event: A (Re)Insurance Approach’ for (re)insurers on how to approach defining a major cyber event.

As one of the most prominent systemic and emerging risks, there are not many historic major cyber events for insurers to look at when trying to establish clear definitions and policy wording. The ‘Components of a Major Cyber Event: A (Re)Insurance Approach’ document seeks to address this by setting out the factors (re)insurers should consider and provides a framework to follow when defining what constitutes a major cyber event.

Written by senior cyber (re)insurance leaders, the position paper represents a joint effort to build shared approaches across the industry.

The steps that need to be considered, and given varying degrees of emphasis, when defining a major event include: 

*WHO is responsible for the event and whether their intentions were malicious or not? 

*WHAT was the cause of loss?  

*WHERE did it occur geographically in the digital ecosystem and the insured population? 

*WHEN did the event start and how long did it last for? 

*HOW did the cyber event spread (was it manual or automatic)? 

*WHY did the event occur: was the motive for financial or political gain?

*IMPACT quantified as monetary loss

Each provider’s definition may vary depending on their commercial approaches. However, the framework helps streamline this process by grouping, categorising and then systematically analysing cyber incidents for various purposes, such as risk assessment and aggregation.

Crucial challenge 

Mervyn Skeet, director of general insurance policy at the ABI, said: “The emerging and incredibly complex nature of cyber threats presents a crucial challenge to our industry. There is no one single definition of a major cyber event and history does not yet provide enough evidence to build one. However, being ahead of these threats and understanding the risk they pose is where our industry excels.”

Skeet added: “By collaborating with Lloyd’s, we’ve been able to develop a framework and a consistent set of components for firms to consider when trying to build their own definitions. This should provide more certainty for insurers, Government and customers alike.” 

Rachel Turk, Lloyd’s of London’s chief underwriting officer, stated: “With over one fifth of global cyber insurance being placed at Lloyd’s, a shared understanding of the approaches to defining a major cyber event is crucial for quantifying risks and developing risk mitigation strategies.”

Turk concluded: “It follows that a robust framework for defining the components of major cyber events will ultimately enhance the resilience of the insurance industry in the face of what are now ever-growing cyber threats. This position paper takes us a step closer to that goal.”

*Further information is available online at www.abi.org.uk

Company Info

WBM

64 High Street, RH19 3DE
EAST GRINSTEAD
RH19 3DE
UNITED KINGDOM

03227 14

Related Topics
ABI
Association of British Insurers
Cyber
Insurance
Lloyd's of London
Risk Management
Related Articles
Latest Webinars
Biometric access control: are fingerprint cards the future?
Biometric access control: are fingerprint cards the future?
Bandweaver signposts webinar on optical fiber for perimeter security
Video Surveillance: Exploring New Horizons
Perimeter Intruder Detection Solutions
Related Resources
Cyber risk facing UK “widely underestimated” warns head of NCSC
Security Matters Podcast – Episode 31 now live to view
Introduction to Vista VIP Series of CCTV cameras & recorders
Latest News
OakNorth supports Longacre Group’s investment in Veracity UK Limited
ABI and Lloyd’s of London publish guidance on major cyber events
Kings Secure Technologies named supplier on NHS SBS Framework Agreement

Login / Sign up