International broking giant Willis Towers Watson revealed its newest offering last week – an aviation cover tailored to the cyber risks facing the industry.
CyFly, available globally, targets airlines’ unique exposure to major financial and reputational damage in the event of a network incident caused by people or technology risk.
“Aviation cyber risks are characterised by what is often called the expanding aviation network perimeter, i.e. the high and ever-increasing level of airlines’ reliance on the IT networks of third parties,” Jamie Monck-Mason, executive director for cyber and technology, media and telecommunications, told Insurance Business.
With airline carriers increasingly relying on IT for systems such as passenger bookings, catering, fuelling, baggage handling, airport security, maintenance, runway and facilities, their vulnerabilities to cyber incidents are multiplying exponentially, he explained.
But the cyber risks faced by airlines are not just centred on attacks – operational failures and human error are a huge threat too.
Want the latest insurance industry news first? Sign up for our completely free newsletter service now
According to Willis’s recent Industry Risk Index, failure of critical IT systems is the most significant risk facing the global aviation industry.
“One only has to look at the well-publicised network outages affecting Southwest last July, and Delta last August, to appreciate the enormous financial and reputational impact of critical IT system failures,” Monck-Mason said.
“The Delta outage caused 2,300 flight cancellations (and an estimated USD 150m uninsured loss), and the Southwest outage 1,850 cancellations (leading to a USD 100m insurance claim). Significantly, neither event was caused by a cyber-attack, but rather by IT system failures,” he explained.
The ClyFly offering is a “genuine game-changer” in this area, he said.
Previously, airlines were offered the same “off-the-shelf cyber products” as other industries, Monck-Mason explained, and the feedback Willis received from airline executives was that traditional cyber insurance was “often irrelevant and, in some cases, unfit for purpose.”
Many airlines were only covered for network business interruption resulting from a cyber-attack against their own IT networks, and so were exposed to non-malicious system failures, as well as attacks and failures of a third-party network – which airlines can be completely dependent on.
Related stories:
Willis Towers Watson lifts off cyber product for global airlines
Willis Towers Watson names global industry leader for natural resources