If you assume (probably wrongly) that your current insurance covers you for cyber-related risks, the wording of the policy is going to get updated so you should be under no illusions anymore…:
Two new London Market model clauses to help underwriters manage cyber losses have been published by the International Underwriting Association (IUA).
The wordings have been developed in order to address issues of non-affirmative or “silent” cover, where traditional insurance policies may unintentionally suggest protection for undefined cyber risks, said the IUA, which represents international and wholesale insurance and reinsurance companies operating in or through London.
The first new model clause, called “Cyber Loss Absolute Exclusion Clause” (reference: IUA 09-081), provides market participants with an option to exclude in the broadest possible manner any loss arising from the use of a computer system, network or data – each of which is clearly defined, the IUA said.
The second model clause, called “Cyber Loss Limited Exclusion Clause” (reference: IUA 09-082), enables only the exclusion of losses directly caused by cyber events, rather than “directly or indirectly.”
“These two new model clauses provide broad policy exclusions which may be utilized as a starting or reference point for underwriters offering cover for traditional business classes that may include an element of cyber risk,” said Chris Jones, IUA director of legal and market services, in a statement.
By developing class-specific write backs insurers can then explicitly state the extent of any cover provided for such losses,” he added.
Both clauses were developed in response to concerns expressed by the UK Prudential Regulation Authority (PRA) about potentially unintended or unclear provision of coverage for cyber risks in various classes of insurance business, explained the IUA.
The issue was addressed by the regulator in a November 2016 consultation paper – “Cyber insurance underwriting risk” – and subsequent policy statement (PS 15/17). Companies were urged to actively manage their exposures by considering adjustments to premium, robust wording exclusions and specific limits of cover.
“Silent cyber cover creates uncertainty for both insurers and clients and has been a hot topic in the London company market for some time now,” said Jones.