25th January 2023

Bank of England warns insurers of “gaps” in cyber response

The Prudential Regulation Authority (PRA) has warned of “gaps” and “limitations” in cyber modelling and response in a letter to major insurers.
The PRA investigated 54 insurance firms alongside 21 syndicates at Lloyds insurance, requesting an assessment of their ability to prevent, react, and respond to major crises, including cyber-attacks, to prepare for periods of “high volatility and uncertainty.”
The watchdog found that insurers were uncertain of the likelihood of ransomware attacks, data leaks, and cloud computing outages, and it also uncovered ambiguous wording in cyber policies.
Achi Lewis, Area VP EMEA for Absolute Software, comments:
“Especially during periods of economic uncertainty, it is vital that organisations are aware of their cyber resilience, the likelihood of threats, and how to both prevent and respond to attacks. The PRA’s caution is important to prepare firms in the event of a worst-case outcome, with major cyber-attacks the cause of significant downtime, data breaches, and financial cost.
Organisations, regardless of industry, should utilise technologies such as resilient Zero Trust to boost preparedness for when – not if – a threat occurs. This is one way to improve resilience, authorising user access to devices, networks, and applications on a case-by-case basis, scanning for suspicious behaviour before alerting a central IT team with the capacity to freeze or shut off devices.
Remediation from major attacks can prove costly, often resulting in weeks, months, or even years for a full investigation, restoration, and legal procedures to take place, beyond the initial damage of the attack itself. It is therefore essential that all organisations have cybersecurity as a top priority.”
Chief of the PRA, Charlotte Gerken, has said they will assist firms to enhance their practices to better manage and mitigate the damage of cyber risks.
