The Director of Insurance at the FCA, Matt Brewis, has written to insurers with an update on its priorities for 2023-2025.1 This refers to a report by GlobalData recording substantial growth in the global cyber market2. Direct Written Premiums were $16.7bn 2022 and are anticipated to grow to $33.4bn in 2027. Premiums are expected to soften in the second half of 2023 and beyond. This combined with waning fears of a recession will help propel growth, both in personal and commercial lines.
This raises concerns for the FCA. The Dear CEO letter flags risks with uncertain policy wordings which may not meet customers' needs. The FCA also expresses concern about expertise, including at board level. This reflects earlier Dear CEO letters from the PRA which have raised identical issues. Our firm has provided training to board directors keen to increase their knowledge of this line of business and the associated risks, explaining the breadth of cover offered in cyber policies and common issues we encounter in breach response.
The full section of the FCA letter addressing cyber insurance is set out below:
Putting consumers’ needs first: Cyber insurance
Cyber insurance is a rapidly growing product line which is estimated to grow globally from $16.7bn in direct written premiums in 2022 to $33.4bn in 2027. It is a critical risk management and crisis recovery tool for many businesses, big and small. With cyber-attacks on the rise, we are concerned that uncertain cyber policy wordings may result in firms not meeting their customers’ needs. We want to see a cyber insurance market where firms can demonstrate that customers buy products that meet their needs and provide value, to avoid misalignment between customer expectations and policy outcome.
Firms offering cyber insurance must make sure their policy wordings are clear and that customers understand the coverage they are buying. We also expect firms to manage cyber claims handling in a fair and timely way. We encourage the market to continue improving their knowledge of cyber risk so firms will have sufficient expertise, including at Board and second/third line of defence level, to understand the risks involved with cyber insurance underwriting and ensure appropriate product oversight. We will continue monitoring the cyber insurance market and take action on firms we deem to be outliers.