On 11 July, the European Insurance and Occupational Pensions Authority (EIOPA) published its fourth paper in a series of papers on methodological principles of insurance stress testing, containing a set of theoretical and practical rules, guidelines, and approaches to support the design phase of potential future insurance stress tests with a focus on cyber risk.
The paper aims to set the ground for an assessment of insurers’ resilience under severe but plausible cyber incident scenarios, focusing mostly on the financial consequences of such scenarios. It elaborates on two main aspects:
- Cyber resilience;
- Cyber underwriting risk.
Operational resilience testing, as required under the Digital Operational Resilience Act (DORA), is not in the scope of the current paper.
The paper also benefits from the engagement with stakeholders during a public consultation that took place between November 2022 and February 2023.