The Central Bank has warned insurers that they may not be financially prepared for the costs of meeting claims stemming from the rapidly growing number of hacks and cyber attacks.
Director of Insurance Supervision, Domhnall Cullinan, said the majority of insurance firms have not assessed whether they might be exposed to so-called “silent” cyber – where legacy policy wording fails to exclude cyber risks.
That would potentially leave insurers open to claims from customers hit by hackers which the insurance firms have not provided for financially, Mr Cullinan, said in a speech at an industry event.
He compared the situation to the business interruption claims made against insurers by business shut by the pandemic, which he said the industry had failed to anticipate.
Mr Cullinan said Covid-19 had shown up weaknesses in relation to ambiguous policy wording in some policies which he said meant that insurance companies’ risk exposures have not been adequately priced and reserved for by some firms.
This may also be true in respect of cyber risk, he said.
“Given recent experiences, the Central Bank expects that firms conduct periodic reviews of policy terms, limits and exclusions, to ensure their product offerings are structured to respond in the manner intended and within each firm’s risk appetite,” he said,
Meanwhile, he said the Central Bank will publish fresh findings in July in relation to so called ‘differential’ pricing by insurance companies that use data about customer habits to quote different prices for the same level of risk along with a potential consultation on proposals to better protect consumers.
The wide ranging speech also warned insurers that the regulator is looking hard at issues including how effectively boards oversee outsourced work and whether insurance businesses have fully taken account of the financial implication from the pandemic.