The Association of British Insurers and Lloyd’s of London have co-published a guide for re/insurers on how to approach defining a major cyber event.

With a relative lack of historic major cyber events for insurers to look at when trying to establish clear definitions and policy wording, the paper attempts to provide a framework for assessing and managing large-scale cyber incidents.

The guidance highlights the need for insurers to take a structured approach when evaluating cyber events, considering who caused the event, whether it was intentional or accidental, and the financial and operational impact. The aim is to create a consistent definition and response to evolving cyber threats.

While each provider’s definition may vary depending on their commercial approaches, the ABI and Lloyd’s stress that this framework can help to streamline the process by grouping, categorising, and systematically analysing cyber incidents for various purposes, such as risk assessment and aggregation.

Mervyn Skeet, director of general insurance policy at the ABI, said: “The emerging and incredibly complex nature of cyber threats are a crucial challenge to our industry. There is no one single definition of a major cyber event, and history does not yet provide enough evidence to build one. However, getting ahead of these threats and understanding the risk they pose is where our industry excels.

“By collaborating with Lloyd’s, we’ve been able to develop a framework and a consistent set of components for firms to consider when trying to build their own definitions. This should provide more certainty for insurers, government and customers.”

---