The issue of “silent cyber” exposures, where cyber coverage is neither explicitly provided nor excluded in insurance policies, remains an issue for the insurance sector despite efforts to ring-fence the risks.

In the past several years insurers have amended policy wordings and introduced sublimits to reduce their exposure to cyber risks outside of specialist cyber liability policies.

Insurers remain concerned, however, that they are effectively offering cyber insurance coverage without charging a premium for the risk if it is included in traditional policies.

Insurers have made progress in addressing silent cyber in the past couple of years, adding exclusions or affirmative coverage, but it’s still an issue for the market, said Kelly Geary, New York-based national practice leader for executive risk and cyber with EPIC Insurance Brokers & Consultants. 

Cyber risk is dynamic and “may always outpace the industry’s attempt to contain it,” Ms. Geary said.

Insurers have been concerned they may face unintended liability in policies not designed to cover cyber risks. Moody’s Investors Service Inc. said in a February report that many commercial insurers and reinsurers were reducing their silent cyber exposure by shifting cyber risk to standalone policies or introducing cyber sublimits or exclusions in traditional policies.

On Monday, Lockton Cos. LLC said it was offering a “silent cyber property solution” with a London-based cyber and property insurance consortium.

While many insurers have taken steps to isolate the risk, more work is needed, said Nadia Hoyte, New York-based U.S. practice leader for USI Insurance Services LLC. 

She said there may be some “overlap” with directors and officers liability insurance policies, she said.

Tim Zeilman, Simbury, Connecticut-based global cyber product owner at Hartford Steam Boiler Inspection and Insurance Co., said that even though it has been talked about for many years, “companies are probably in a variety of different stages” in addressing silent cyber.

He said that for the past several years Hartford Steam Boiler and parent company Munich Reinsurance Co. have undergone “quite an extensive, internal effort to get a handle on it.”

James Burns, London-based cyber product leader for CFC Underwriting Ltd., said, “There have been lots of moves to address silent cyber through specific exclusions of the cyber risk and rewording language to explicitly cover and charge a price for it.”

The challenge is that some policyholders have potential gaps in coverage or find they are being asked to pay for something they previously thought was free, he said.

“It’s going to differ company by company,” said Brad Gow, Purchase, New York-based cyber product leader for Sompo International Holdings Ltd. 

Over the past three years, Sompo has had a formal program to review its different lines of business to identify where silent cyber coverage may be present and address it.

Tom Srail, executive vice president, cyber risk team, for Willis Towers Watson PLC in Cleveland, said silent cyber remains a concern but it is not among the top 10 concerns about insurance “we’re talking about on a daily basis.”