Insurance Services Office Inc. (ISO) has issued a voluntary request to collect cyber insurance premium and loss detail information from P&C insurers. More specifically, “the ISO circular seeks scores of data elements on cyber coverage insurance losses, from their specific causes to claims to dates for events. It also seeks provisions for attachment points and types of policies.” While this voluntary request is asking for much more extensive information compared to the norm, the results will help small and medium sized insurers understand claims and better underwrite policies. In the end, this will ideally increase the capacity for cyber coverage in the overall market. ISO wishes to collect entire policy information, including full premium pricing and losses, from Jan. 1, 2010, through Dec. 31, 2015. It also asks insurers to include the losses as of March 31, 2016.
Also in the circular, ISO threatens that if this voluntary data sharing is not successful, the government may issue a mandate “in the name of national security” due to concerns of a “lack of aggregated data for pricing, rate filings based on actuarial judgement and silos of data across different industry sectors.” ISO claims this data call has the support of the U.S. Treasury Department which is said to be focusing on collecting cyber insurance data, including claims information, so it can better monitor cyber risk. The requested information for the ISO cyber call is Sept. 30, 2016.