Conventional insurance cover for cyber risks a patchwork affairReprints
The coverage provided for cyber risks by conventional classes of insurance can be patchy, according to research carried out by the International Underwriting Association and law firm Norton Rose Fulbright L.L.P., both based in London.
According to the research, published Monday, many insurance buyers believe that existing insurance policies will respond to cyber risks, but there may be gaps in that coverage, noted the report, “Cyber Risks and Insurance: An Introduction to Cross Class Liabilities.”
The effects of a cyber incident can be broad and cause damage to physical property, bodily injury and reputational damage as well as “more obvious types of loss” such as loss of data and business interruption, the report said.
Insurers and insurance buyers need to be aware of the potential for certain risks to be specifically covered, not specifically covered or specifically excluded, the report said.
Stand-alone cyber insurance coverages, extensions and drop-down coverages are being used to enhance the coverage provided by conventional lines of insurance, the report said.
“Professional indemnity and (directors and officers) are two areas where it is possible to envisage situations in which, directly or indirectly, cover is provided for certain types of cyber risk. Yet clients may not be fully aware of the scope in underwriting these lines,” Chris Jones, director of market services at the IUA, said in a statement.
“Conversely, in marine and aviation business, for example, it can be seen that fairly standard policy exclusions may operate to limit the scope of cover in relation to cyber perils,” he said.
“Cyber-specific wordings and products, therefore, may be an effective way of filling gaps of cover which exist in conventional lines of insurance,” he said.