Collection of cyber insurance and management liability data in the National Claims and Policies Database (NCPD)
APRA’s 2020-2024 Cyber Security Strategy is focussing on initiatives to help achieve a financial system which is resilient to cyber incidents. The collection of cyber insurance data will assist insurers in quantifying this risk so as to develop adaptive pricing models and products to support this strategic response.
March 2021
On 15 March 2021, APRA released a response to submissions on proposals to collect cyber insurance and management liability data in the National Claims and Policies Database (NCPD). The expanded data collection will start on a best endeavours basis with data for the 31 December 2020 half year and progress to full data collection for the 31 December 2021 half year.
The response letter, clean and marked-up copies of the draft reporting standards, and a submission in response to the consultation can be found below.
Letter:
Draft reporting standards:
Submission:
November 2020
APRA is now consulting with the industry on an initiative to collect cyber insurance and management liability data in the NCPD.
Letter:
The four reporting standards that are expected to be impacted include:
Whilst not directly impacted, APRA also intends to refresh reporting standards GRS 800.3 Facility Business Data: Public and Product Liability and Professional Indemnity Insurance and LOLRS 800.3 Lloyd’s Facility Business Data: Public and Product Liability and Professional Indemnity Insurance to ensure these remain consistent with more recent reporting standards.
Note on submissions
It is APRA's policy to publish all submissions on the APRA website unless the respondent specifically tells APRA in writing that all or part of the submission is to remain confidential. An automatically generated confidentiality statement in an email does not satisfy this purpose. If you would like only part of your submission to be confidential, you should provide this information marked as 'confidential' in a separate attachment.
Submissions may be the subject of a request for access made under the Freedom of Information Act 1982 (FOIA). APRA will determine such requests, if any, in accordance with the provisions of the FOIA. Information in the submission about any APRA-regulated entity that is not in the public domain and that is identified as confidential will be protected by section 56 of the Australian Prudential Regulation Authority Act 1998 and will therefore be exempt from production under the FOIA.