The goals of Lloyd’s and global regulators are to safeguard the sustainability of the insurance market, provide contract certainty for clients and drive innovation of new cyber products to fill the evolving needs of clients, according to Guy Carpenter colleagues Siobhan O’Brien, International Cyber Center of Excellence Leader, and Erica Davis, North America Cyber Center of Excellence Leader.
One of the challenges in achieving the changes necessary lies in the fact that there is no globally agreed upon definition of what constitutes “cyber.” Across various classes of insurance, the differences become apparent as some clauses refer to “cyber events” while others refer to the use of “software.” Certain clauses deal only with malicious cyber events, some refer to “systemic” risk and others impose conditions related to an insured’s ability to demonstrate the adequacy of their cybersecurity. This anticipated lack of consistency presents considerable challenges, though underwriters are actively taking steps to address the issue. Approaches underwriters are taking include:
- Affirmation: Positively affirm where cyber exposure exists in the policy.
- Affirmation but with sub-limits of the cover available: Positively affirm where cyber exposure exists in the policy and cover will then be provided with a sub-limit to that element of cover.
- Exclude all exposure: Exclude on an absolute basis any loss from cyber exposure. Typically, these cyber exposures will be defined.
- Exclude, but write back in specific areas of cover: Exclude on an absolute basis any loss from cyber exposure, but provide specific write-backs for a list of perils according to appetite.
Another challenge lies in the fact that (re)insurers in all classes of business are now constructing and finalizing language and formulating underwriting guidelines in accordance with their own strategies for dealing with silent cyber. Moreover, various industry bodies such as the International Underwriting Association of London and Lloyd’s Market Association have issued model exclusions that (re)insurers are proposing to add to policies. This will inevitably lead to differing approaches to the issue and inconsistency in what is being offered to clients.