Zurich launches cyber policy covering prebreach, GDPR risksReprints
COLORADO SPRINGS, Colorado — Zurich Insurance Group Ltd. is launching a cyber policy form that includes network security monitoring and prebreach services and can respond to regulatory enforcement actions under the European Union’s General Data Protection Regulation.
“We think the best way to protect against cyber is to have a dedicated cyber policy with dedicated limits and language tied to the coverage so there’s real clarity of intent,” Paul Horgan, Zurich’s New York-based head of North America commercial insurance, told Business Insurance on the sidelines of the Insurance Leadership Forum, sponsored by the Council of Insurance Agents & Brokers in Colorado Springs, Colorado. “We really are pushing the brokerage community to rally around that because we’ve found when people try to put the coverages as an addendum on existing policies, there tends to be as many disputes on the coverage as there has been providing the service to our customers. We’re really becoming more and more convinced that a dedicated policy with dedicated limits and very clear language is the right way to make sure the coverage is provided to the customer, allows for quick response on the claim and minimizes any disputes.”
The cyber insurance policy is available in North America through the specialty E&O, wholesale and Canadian underwriting teams.
“The demand for coverage, the demand for knowledge, the demand for services to support pre and post breach are just exploding,” he said.
The new policy features coverages previously not offered such as affirmative coverage for regulatory proceedings, assessments, fines and penalties associated with enforcement of the GDPR, in addition to traditional coverages such as breach costs.
“The real threat isn’t necessarily the legislation and the occasional person who opts out” under the GDPR, Mr. Horgan said. “It’s the shock event that causes a significant part of the population to ask to have their data deleted. And in this environment, where companies are outsourcing and using third-party vendors to support their businesses, if they can’t share data, it really does jeopardize some of the business models that are out there today.”
“This is not a European issue,” he added. “It is absolutely coming to a neighborhood near you.”
The new form offers coverage for reputational damage associated with an adverse media event resulting from a cyber breach and for funds lost from a social engineering fraud event. It also offers cover for the failure of a system or the failure of a service provider’s system resulting in a business interruption and voluntary shutdown and cryptomining.
Zurich has increased underwriting staff to handle the additional volume and established an inhouse risk engineering team dedicated to the cyber exposure, with a particular focus on middle market customers, he said.
“They’re the ones that don’t have the resources, don’t have the knowledge so we’re looking to not just sell the risk transfer solutions but also try to make them hardened customers on the front end and then resilient on the back end,” Mr. Horgan said.