Brokers have been warned to “carefully check” cyber insurance policies when advising clients, as many will leave businesses out of pocket should they suffer a ransomware attack – one of the biggest cyber risks facing companies today.
Ransomware, a form of malware that was behind the Petya, NotPetya and WannaCry attacks this year, was named in a Lloyd’s of London report in June as one of the three biggest cyber threats to businesses in sectors including IT, professional services, healthcare, public sector, education, media, transport, hospitality and utilities.
Despite that, many cyber policies do not provide cover for business interruption as a result of ransomware attacks, according to cyber insurance comparison engine, Cyber|Decider.
Around one quarter of cyber insurance policies reviewed in recent research conducted by the firm would not adequately cover businesses for the loss of revenue from such attacks – yet for many organisations this is likely to be by far the biggest cost.
Brokers face a challenge in helping clients to secure the right cyber cover due to the “high and surprising variability” of policies on offer, as well as a lack of consistency across policy wordings and definitions, Cyber|Decider’s CEO, Neil Hare-Brown, told
Insurance Business.
“In some areas, the coverage provided by policies is similar and reasonably comprehensive, such as the costs from data breaches and forensic investigations, as well as meeting third party claims and any legal defence costs,” Hare-Brown said.
“But where ransomware causes a major interruption to the business, as it did with WannaCry, the coverage of insurance policies is highly variable. This, coupled with the practice of many brokers of recommending only one policy, means many businesses will not be covered for the business interruption costs from cyberattacks, even though it is a high risk for them,” he went on to say.
While some of these emerging risk areas are now being commonly incorporated into cyber policies, “it’s a little too early to say these are standard,” the CEO warned.
Ensuring that cyber insurance cover applies to business interruption losses is increasingly important, and many insurers are continuing to develop their policy offerings in this regard, according to Hare-Brown.
It’s vital that brokers are asking clients about their critical reliance on digital technology, not just in office operations but in manufacturing, logistics and every other aspect of their business, he stressed.
“Such frank discussions should help to develop relevant business interruption scenarios which will inform both broker and client on the risks and which policies provide suitably aligned cover,” added Hare-Brown.
“Brokers should always ensure that they align the policy requirements to client needs and in many cases, helping clients to first understand their cyber risks either before, or as part of, the acquisition of cyber insurance is a vital and valuable step.”
Related stories:
XL Catlin: Are insurance clients starting to get cyberattack breach fatigue?
Marine sector under pressure from mounting cyber risks