As businesses, both large and small, throughout all sectors of industry, become more and more reliant on technology to improve service efficiencies and functionalities, cyber risk has become one of the most pressing public topics addressed in corporate boardrooms and by governments across the globe. The corresponding awareness of a business’s susceptibility to a cyber-attack has grown along with a spate of high-profile attacks. Consequently, cyber risk is now an embedded feature of the global risk landscape, not only as a privacy/network liability, which is where much of the publicity has arisen, but also as a peril affecting traditional insurance lines. Therefore, preventative and post-event remediation are gaining importance as shareholders, regulators and rating agencies are increasingly focused on enterprise risk management activities for cyber risks.
Insurance is an important piece of the strategy for helping businesses address these risks. However, ascertaining the true level of cover for any given cyber-risk scenario can be a challenging exercise because of the differences in how insurers grant the coverage; how insureds view cyber coverage in their traditional forms and how the policy responds. For example, the security breach of personal information and resulting notification requirements are being addressed via a rapidly growing privacy and network security insurance marketplace.
Concerning traditional property and liability insurance products, which may not have contemplated covering cyber as a peril or loss cause, it is often unclear whether there is coverage. As a result, cyber losses can be explicitly excluded where coverage is not intended to be granted. Discrete coverage can then be added via endorsement or through a separate cyber policy, commercial general liability being an example.
In the property market, there is also confusion about whether a cyber-attack causing physical loss should be covered. The exposure could be significant and could expand beyond just physical damage and include business interruption or contingent business interruption if production or supply lines are disrupted as a result of a specific cyber-attack.
To view the recent announcement of Guy Carpenter’s strategic alliance with Symantec to develop a cyber aggregation model, CLICK HERE.