Silent cyber is the unidentified level of cyber exposure when an insurance policy does not expressly include cyber events as triggers for loss or when it does not explicitly exclude it, and this can pose risks for both insurers and insureds, according to an expert at global broker Marsh.
Chanel McCanna, managing principal for cyber at Marsh, delved into silent cyber in insurance, the gap currently threatening organisations.
“This type of risk can lead to uncertainty for both the insurer and insured around payment of claims caused by cyber events,” McCanna said. “From an insurer's perspective, claims stemming from cyber events, which have been neither underwritten nor charged for, create unmeasured exposure within insurer portfolios. Insurance regulators have tasked insurers to identify, quantify, and manage their cyber exposure and to thereby remove the ’silence’ across all non-cyber policy lines.”
In an article for Marsh, McCanna noted that cyber insurance covers a broad range of costs and liabilities arising from cyber events, but it does not directly cover the value of tangible or intangible property. Therefore, the product only covers a part of the total potential impact from a cyber event.
McCanna advised organisations to examine their non-cyber insurance policies' exclusions. Afterwards, they may consider the following:
“If your company is considering a standalone cyber-physical damage policy as an option to fill the insurance gap, it is important to first examine the policy and understand the implications before committing to the purchase,” McCanna said.
