’We are concerned that uncertain cyber policy wordings may result in firms not meeting their customers’ needs,’ says regulator

The FCA has revealed that it has concerns over the way policies are written within the cyber insurance market.

In its latest Dear CEO letter, published earlier this week (20 September 2023), the regulator highlighted fears that customers were receiving uncertain policy wordings from insurers providing such coverage.

As a result, it warned that action would be taken against firms that it deemed to be “outliers”.

This came amid a rise in cyber attacks – Howden recently reported a rise of sophisticated cyber claims, such as ransomware and phishing.

According to the broker’s Coming of Age report, which was published earlier this year (10 July 2023), ransomware attacks surged by nearly 50% in the first half of this year compared to the same period in 2022.

“With cyber-attacks on the rise, we are concerned that uncertain cyber policy wordings may result in firms not meeting their customers’ needs,” the FCA said.

“We want to see a cyber insurance market where firms can demonstrate that customers buy products that meet their needs and provide value, to avoid misalignment between customer expectations and policy outcome.”

Fair value

The warning came after the FCA implemented its new Consumer Duty regulation, which came into force earlier this year (31 July 2023).

This requires insurance firms to review their products and services against a new standard of fairness.

In turn, they are expected to provide positive customer outcomes around four metrics.

This includes products and services, fair value, consumer understanding and consumer support.

The FCA told insurers offering cyber cover that their propositions needed to be clearer so that “customers understand the coverage they are buying”.

“We also expect firms to manage cyber claims handling in a fair and timely way,” it added.

“We encourage the market to continue improving their knowledge of cyber risk so firms will have sufficient expertise, including at board and second/third line of defence level, to understand the risks involved with cyber insurance underwriting and ensure appropriate product oversight.

“We will continue monitoring the cyber insurance market and take action on firms we deem to be outliers.”