78



       of cyber insurance in terms of GWP is growing and is expected to reach US$13-25bn  Market  Report  presented  an  analysis  of  the  risks  and  trends  associated  with  cyber
       by 2025. With the increase in technology and digitization, annual economic losses from  insurance  coverage,  cyber  resilience  in  the  insurance  sector  and  the  impact  these
       cyber incidents are estimated at over US$0.9trn. However, due to the small share of  risks may have on financial stability. The IAIS Report finds that global cyber insurance
       insured losses, the estimated protection gap remains at approximately US$0.9trn.   premiums  have  continued  to  grow  despite  tighter  terms  and  conditions  and  stricter
                                                                                      risk selection. Supervisors are actively developing and implementing macroprudential
       Although the supply of cyber insurance is expected to grow, it is unlikely that the cyber  supervision  frameworks  for  cyber  risks.  These  include  incorporating  cyber  scenarios
       protection gap will be closed soon due to the small share of insured losses today and the  in stress tests, collecting data on common vulnerabilities, and supporting international
       rapid speed of digitization, making businesses increasingly vulnerable to cyber-attacks.  initiatives to enhance the resilience of the financial sector. Cyber underwriting activities
       Furthermore, since they are dependent on the regulatory environment (e.g., incident-  of insurers in the sample are not assessed to pose a threat to financial stability due to the
       reporting standards) and public cybersecurity infrastructure, insurers will not be able to  currently limited volumes of affirmative cyber insurance underwriting.
       narrow the cyber protection gap alone (particularly for potentially systemic cyber risks),
       meaning private and public stakeholders need to collaborate to address the fast-growing  The IAIS also published an Issues Paper on Operational Resilience in May 2023 that
       cyber protection gap. Individuals and organizations need to seek cyber protection and  addresses  three  specific  operational  resilience  sub-topics  concerning  areas  the Task
       proactively engage in prevention. Various potential levers exist for private and public  Force considers as matters of significant and increasing operational risk, and therefore
       stakeholders  to  use  to  address  the  protection  gap.  These  include  incentivizing  and  of immediate interest to supervisors - cyber resilience; IT Third-party outsourcing; and
       supporting prevention; conducting awareness campaigns; developing incident-reporting  Business Continuity Management.
       frameworks; and fostering adaptation measures.                                 The  area  of  cyber  risk  and  operational  resilience  continue  to  evolve  rapidly;  close
       Global standard setters and insurance supervisors are also closely studying cyber risk  coordination and ongoing dialogue between supervisors and industry continues to be
       and  operational  resilience  and  the  protection  gap.   The  2023  IAIS  Global  Insurance  critical.