The industry may be caught up in the potential returns offered by cyber insurance, but Fitch has warned insurers that their “silent” cyber risk could also see them face substantial losses.
In its latest report, entitled
Cyber Insurance — Risks and Opportunities, the global ratings agency warned that insurers currently face “considerable challenges” in measuring their total underlying exposure to cyber risk. Fitch notes that general liability or property coverage may make no mention of cyber coverage directly in policy language but could still be used as a way for clients to claim against a cyber breach as silent cyber risk “creates a genuine challenge for insurer management.”
Search and compare insurance product listings for Cyber from specialty market providers here
“As such, underwriters that do not write specialty cyber coverage may still face substantial losses from a cyber catastrophe,” the report states.
“In the event of a large cyber disaster today, a major proportion of insured losses would be incurred within traditional policies. This silent cyber coverage exposure can create large risk aggregations and creates potential for differing interpretations of coverage. This ambiguity can, in turn, lead to more antagonistic settlement processes in the event of a cyber related loss.”
The industry is responding as the report notes that underwriters and policyholders recognise the need for explicit descriptions of cyber-related coverage under traditional policies as cyber-specific language, sublimits and endorsements “are growing in frequency.”
“Still, Fitch’s sense is that a number of underwriters are lagging in this adaptation process,” the report continues.
The report calls on insurers and regulators to enhance public disclosure of insurers’ stand-alone and “silent cyber underwriting exposures” as a way to help mitigate risks faced by the industry itself.
“Enhanced analysis and disclosure will promote better industry information and cyber risk management by insurers, and also aid in appropriately incorporating cyber risks into ratings,” the report states.
Related stories:
Australian government to invest $50m for cyber security
ASIC backs cyber ‘incentive’