From Loretta Worters, Vice President, Media Relations, Triple-I
Despite the proliferation of cyber threats and the increasing number and severity of incidents, directors, officers and executives in the C-Suite are too in the dark when it comes to cyber risks and insurance, says Risk & Insurance author Alex Wright in this month’s cover story, called for vigilance.
Although there are specific policies to cover the risk, many policyholders still expect to be covered by their property and liability insurance – but this is not the case. Risk & Insurance, a subsidiary of the institutes and the sister organization of Triple-I, points out that there is still a lack of clarity about damage from cybercrime in commercial insurance policies.
Confusion about coverage can result in policyholders experiencing unexpected coverage gaps.
“At best, a cyber incident can trigger multiple insurance coverage and increase the overall limit available to respond to an insured event,” said Adam Lantrip, Cyber Practice Leader, CAC Specialty. “In a more common scenario, multiple policies can be triggered but not coordinated, and the policyholder spends more on legal fees than the cost of purchasing standalone cyber insurance.”
Of particular concern to insurers is silent – or “unconfirmed” – cyber risk, where potential cyber-related events or losses are not specifically covered or excluded by traditional policies. In such cases, insurers can pay for unexpected losses for which the policies were not adequately priced.
“Cyber risks are present in almost every insurance policy today,” said Tracie Grella, global head of cyber insurance at AIG. “But because it wasn’t factored into the underwriting of standard policies like real estate, or properly identified, valued, priced and included in the aggregation model, it poses an enormous systemic risk that cannot simply be ignored.”
Silent Cyber first manifested itself in the WannaCry, Petya and NotPetya cyber attacks in 2017 that devastated everything from shipping ports and supermarkets to advertising agencies and law firms, the article says. The resulting losses from the encryption of master files and the subsequent ransom demands from Bitcoin to restore access were the most expensive ever at over $ 3 billion.
Underwriters, brokers and policyholders need to understand how evolving risk and legal frameworks affect their policies. You also need to keep yourself updated on the scale of the problem and understand the most common misunderstandings and reporting disputes related to Silent Cyber.
More about Cyber from Risk & Insurance
5 Tips To Get The Board On To Invest In Cyber Risk Management
Why every company, regardless of size, needs a cyber attack response plan – and helpful tips to get you started
Nobody is safe from cyber threats. Train your employees to defend your business now or risk millions
Cyber Risk Management for Medium and Large Businesses: Why Each Requires a Specialized Approach
More from the Triple-I blog
Cyber risks are becoming real and require new approaches
Businesses large and small must be against cyber resilience in a COVID-19 world
Twice a victim? Companies that pay cyber ransoms could face US penalties