Cyber policies may not cover important risk exposures

Cyber policies may not cover important risk exposures

Cyber policies may not cover important risk exposures The cyber insurance space is growing. The release of new and enhanced products featuring higher limits, greater coverage and more risk management and breach response resources has been a common occurrence in 2016, and appetite in the market suggests the frenzy will only continue.

Yet there are some cyber-related risks a policy may not cover. Property damage, reputational harm, professional liability concerns and business interruption perils can all be triggered by a cyber event, but the industry has been exceedingly varied in how it has responded to these threats – particularly when an incident could trigger multiple policies.

“It’s a challenge the industry is beginning to deal with, but it needs to come up with a unified solution,” said Robert Rosenzweig, vice president and national cyber risk practice leader with DeWitt Stern. “It varies insurer to insurer on whether the cyber product will respond simply because the event is a cyber-related peril, or if other policy forms will be amended to specifically provide coverage to an event triggered by cyber.”

Robert Rosenzweig is a featured speaker at Cyber Risk 2016 on November 2. Sign up today to hear more of his thoughts on the current state of the industry and its response to the growing cyber threat.

While some insurers have explicitly embraced related exposures through their cyber forms – AIG, for example, provides coverage for cyber-related property damage – others have remained vague.

Part of the problem is that insurers typically think about and address risk in silos, said Rosenzweig.

“Cyber underwriters typically understand the issues surrounding a system being compromised, but with cyber losses related to crime – social engineering attacks that lead a person to wire money to a criminal organization, for example – are less understood,” he said. “Meanwhile, crime underwriters understand ‘old world’ theft exposures, but they don’t understand the cyber component.”

Without clear delineation from product to product, insurer to insurer, Rosenzweig urges insurance brokers to be thoughtful on how they approach cyber risk.

“Until there’s a consensus in the marketplace and one product is developed that speaks to all losses emanating from cyber, brokers need to make sure all insurance products are dovetailing and complementing each other,” he said. “You don’t want to be in a position where any element of cyber risk is not covered.”