An Concern Making Noise Throughout Industries and Protection Traces


This post is part of an Amwins sponsored series.

As cyber events evolve in complexity, scope and frequency, property and casualty insurance companies are increasingly concerned about the potential for unintended damage. These cyber risks, which property and casualty insurers have neither signed nor invoiced, can significantly increase their portfolio exposure. In response, many insurers have introduced various exclusions, floors, and changes to non-cyber insurance policies. This problem of non-affirmative reporting of cyber events is known as silent cyber.

Silent cyber incidents occur when coverage for cyber-related damage is either inadvertently provided by insurance policies that are not specifically designed to address cyber risks, or when exposure is expressly excluded from the primary cyber policy or other policies, creating coverage gaps.

Before you chalk up Silent Cyber ​​as something that has no impact on your customers or is only important to retailers who place professional line accounts, take a look at some examples of coverage lines and industry specific ones.

When cyber events pass into property and casualty insurance

While you primarily associate cyber attacks with financial damage, today’s cyber events can also lead to physical damage or bodily harm to first or third parties. For example:

  • Feature: Network disruptions caused by a ransomware attack take a critical HVAC system offline in a fruit warehouse. This means that the temperatures rise above the optimal threshold values, which leads to damage to the goods stored as well as to the system itself.
  • Accident: A manufacturer’s industrial control system is hacked and remotely manipulated to speed up the belts. This leads to an overload of the workplaces and injuries to workers.

What insurance will cover the damage in situations like this? This is the fundamental question behind Silent Cyber ​​and why retailers who buy property and casualty insurance should be aware of the problem.

How Silent Cyber ​​creeps into various industries

Health care

The University Hospital Düsseldorf was the victim of a ransomware attack that paralyzed its entire technology network. With the hospital’s systems offline, there was significant disruption to patient care, including the rerouting of ambulances to other nearby hospitals. As with most ambulatory journeys, time is of the essence and during the event one patient in critical condition died while in transit.

In this case, a cyber attack resulted in a tragic death. Where can the hospital seek insurance coverage in the event of a complaint about such events?

  • Most of the cyber policies on the market today contain exclusions (or at best sublimits) for personal injury and property damage.
  • A medical malpractice policy would likely not apply as the event was not a result of a medical malpractice or medical advice. It’s also important to note that cyber exclusions are more often added to E&O policies.
  • General liability insurance may not respond as damage from cyber events is usually excluded.

In summary, it can be said that non-cyber lines generally exclude cyber as a trigger or danger; whereas cyber policies often exclude personal injury and property damage. When one eliminates loss and the other eliminates danger, a silent cyber incident ensues.


Mondelez International is a manufacturer of snack brands including Cadbury, Oreo, Ritz, Triscuits, Toblerone, and Tang. When NotPetya malware infected two of its servers, it was a significant portion of the company’s global Windows-based applications, as well as its sales, distribution and distribution Affected financial networks across the enterprise. Mondelez suffered computer damage as well as delivery and distribution disruptions with a total loss of over $ 100 million.

This cyber attack led to significant business interruptions as damage to their own equipment was “bricked up”. Where can manufacturers look for insurance coverage for such events?

  • Real estate policies are often about “direct physical loss” and in this case the property was essentially intact. In addition, in this example, the airline denied the claim based on a clause in the policy that excludes any “hostile or war-like act” by a “government or sovereign power”. NotPetya is widely viewed as a government sponsored cyberattack, with Russia being cited as the sovereign as the potential behind the malware.
  • Cyber ​​policies often focus on resulting financial losses. In this case, the masonry equipment resulted in a financial loss, but what about the actual masonry equipment that needs to be replaced? This equates to a multi-million dollar device value that conventional cyber policies either exclude or provide for a minimum lower limit so that the insured must bear the costs.

By the time you read the fine print, the insurance policy was the cover that was unresponsive. A broad primary policy or the inclusion of a cyber umbrella policy could have responded to this.

Shipping / transport

A leading shipping company, AP Moller-Maersk, reported a loss of $ 300 million due to a malware attack that affected three of its key companies and brought its logistics operations to a halt around the world. Not only did the company lose revenue during the shutdown and subsequent weakness, it also had to invest in finding a way to continue business after the failure of its go-to systems and in rebuilding its IT department.

This cyber attack resulted in significant delays, lost business and reputational damage. Where can logistics and other transport companies look for insurance cover for such events?

  • Property insurance traditionally covers business interruption costs, but only those that result from traditional property risks. Cyber ​​exclusions remove any confusion about their reporting intent.
  • Bricked or disabled computer hardware likely had to be replaced, which is often excluded from property policies and can have small sublimits in a cyber policy.

Imagine if Maersk were unable to coordinate ship movements, resulting in collisions or other damage. If the property, casualty and marine insurance policy included cyber exclusions and the cyber policy included a property damage exclusion, there would be a silent cyber coverage gap.


Cyber ​​events can happen to policyholders of any size in any industry – just look at the recent SolarWinds hack and its far-reaching ramifications. These events not only lead to financial damage, but can also cause personal injury or property damage to first or third parties. Silent Cyber ​​is therefore not only an issue for retailers who focus on placing professional line policies, but also for property and casualty dealers who want to protect their customers.

Amwins offers the only product on the market specifically designed to combat silent cyber incidents. CyberUP is a comprehensive cyber umbrella insurance policy designed to fill policy gaps by dropping existing policies across multiple coverage lines rather than overlapping them. CyberUP provides retailers and policyholders with security for all types of damage caused by a cyber event. Contact your Amwins professional real estate agent or visit to learn more.

Do you need help determining the specific silent cyber exposure of your policyholders and whether they need CyberUP? We developed a self-assessment tool to identify risk factors and provide an easy-to-understand score that retailers can share with their policyholders.

Take part in the Silent Cyber ​​Exposure Evaluation.

About the authors

This article was written by Kasey Armstrong and Megan North, professional line brokers at Amwins Brokerage in Seattle, WA and the creators of CyberUP.


Interested in Cyber?

Receive automatic notifications on this matter.