“Silent cyber,” also known as unintended or non-affirmative coverage, refers to the unknown or unquantified exposures stemming from cyber perils that may be triggered within traditional property and liability insurance policies. The systemic nature of the cyber risk means silent cyber may become increasingly more prevalent in virtually every type of insurance policy.
Fundamentally, silent cyber arises from policies that may not explicitly provide a cyber coverage grant or from a cyber exclusion that is poorly worded or unclear. The “gray area” of where liability lies can also arise if insuring agreements are satisfied but the insurer did not price for or contemplate loss scenarios originating from a cyber peril.
For example, a commercial building with a property insurance policy suffers a cyber-attack that leads to a structure fire, which in turn damages the building’s HVAC system; and the event results in disruption in occupancy and use for several weeks. If the building’s insurance policy has no explicit cyber coverage or exclusions or the exclusion for cyber is ambiguous, it can create a gray area about coverage. On the other hand, if the building has cyber insurance that covers the damage to the server, and property insurance that covers the damage to the property, then it may lead to questions over which policy covers the damage to HVAC and which one applies to the business interruption.
Guy Carpenter has best-in-class capabilities and has placed over 30 stand-alone and blended cyber programs globally that protect against non-affirmative silent cyber.