Simon Cooper Consultant
Cyber risk - mind the gap!
Today, almost every organisation is reliant on technology – it dominates communication systems, transport, financial services and many other aspects of commerce – and as technology becomes ever more complex and sophisticated, so do the risks you face.
Cyber risks are a real and significant threat to all types of organisations, causing potentially far reaching and devastating consequences for all aspects of business and trade.
- Are insureds and their brokers in blissful ignorance of their lack of any meaningful coverage for cyber related exposures?
- Are underwriters of standard property and/or liability classes aware of their potential exposure to cyber losses?
- How big and how wide is the aggregation risk for reinsurers?
- Are the exclusions and protections traditionally relied on by the market still fit for purpose?
These are just some of the questions thrown up by recent surveys which ask whether buyers and sellers of insurance are doing enough to ‘mend the cyber roof while the sun is still (just about) shining’.
Repeatedly, surveys reveal that cyber risk is now among the top 3 or 4 concerns for corporate boards and for insurers alike. The increase in the frequency and sophistication of cyber failures/attacks draws into sharp focus the importance of insurance. However, outside specialist circles, it is concerning that the insurance coverage for cyber risks is not better understood and managed – there are notable gaps. Moreover, there remains
a widespread uncertainty as to whether, and if so how, non-specialist insurance policies will respond to a significant cyber event. Conventional insurance products may exclude or restrict damage caused by a cyber event.
Belief v Reality
For example, surveys have shown that while 50% of corporate CEOs believe that they have adequate protection against a cyber event, analysis of their insurance cover indicates that only 10% in fact have the protection they believed.
This misunderstanding, however, is not confined to the insureds. A recent analysis by software provider Absensa released on 18 July 2016 is reported to show that a review of almost 400 reinsurance contracts underwritten at Lloyd’s revealed significant exposures to catastrophic cyber events. At least 40% of the policies did not contain standard cyber exclusions and some 68%, it is reported, had no reference to cyber terms at all.
In part, this perhaps represents an industry inertia but also the failure to adapt coverage terms in some sectors to the rapidly developing technologies and ever changing risk profiles. For example, a cyber event can lead to catastrophic physical damage and personal injury losses as well as the more readily anticipated data theft and business interruption exposures. It is also the case that many of the regularly used exclusion clauses are limited in their effectiveness as they focus on hostile acts, often by outsiders, rather than the increasingly common inadvertent cyber event or insider action.
In the circumstances, both insureds and insurers (as well as their reinsurers) would be well advised to undertake a careful review of their policy wordings in order to understand precisely what is and is not covered, and to make any necessary changes.
No-one likes nasty surprises - make sure you are not at the receiving end of one!
Related news & insights
Insights / Success with subrogation in the UAE
25-05-2021 / Insurance
Insurers often perceive subrogated recoveries as challenging and uncertain in this region and that can be true to some extent.
Insights / Insurance & Reinsurance guide 2021
25-01-2021 / Insurance
We are pleased to share with you Chambers and Partners 'Insurance & Reinsurance guide 2021', of which Simon Cooper is the contributing editor.
Insights / Supreme Court checks out of Orient Express Hotel
19-01-2021 / Insurance
On 15 January 2020, the Supreme Court handed down its judgment in this test case that was initiated by the Financial Conduct Authority (“”FCA”) in order to determine a number of common coverage issues pertaining to the correct response of non-damage business interruption policies to the Covid-19 pandemic.
Insights / Decennial Liability in the UAE
05-10-2020 / Insurance
At its core, decennial liability is a form of strict liability imposed on architects, engineers and contractors in the case of total or partial collapse of a building or structure or defects found in the building or structure that threaten the structural integrity of the building.
Insights / The Insurance and Reinsurance Law Review Eighth Edition
16-06-2020 / Insurance
We’re pleased to share with you the eighth edition of The Insurance and Reinsurance Law Review. Ince is a member of The Law Reviews (TLR) leading panel of contributors and the team this year led by Peter Rogan as the Editor, contributed to the following topics:
Insights / Chapter 15 - England and Wales
16-06-2020 / Insurance
The UK insurance and reinsurance industry is the largest in Europe and the fourth-largest in the world.