Cyber is the dominating force in the insurance industry at the moment. Everybody wants to write it, sell it and master it. But while insurers and brokers scrap for business at the start of the trend, are they overlooking important facets of coverage under the pressures of competition?
There are “tricky exclusions” in cyber policies that brokers must be aware of, according to David Derigiotis, corporate vice president and director of professional liability, at Burns & Wilcox. Exclusions are built into policy forms, making them easy to overlook unless the broker understands the cyber policy at a very in-depth level.
Search and compare product listings for Cyber Insurance from specialty market providers here
“Tricky exclusions can be built into a cyber policy. For example, a client might not be able to make a claim if a cyberattack is implemented by a governmental state-sponsored entity,” Derigiotis told
Insurance Business. “As we move forward, there’s a real blurry line in terms of who is carrying out cyberattacks and whether these attacks are from government-funded or terrorist-funded organisations. If you have an exclusion in your policy that will prevent coverage from triggering because the cyberattack came from one of those organisations, you are going to be left holding the bag when something occurs.”
Another exclusion that sometimes exists in a cyber policy is when a breach occurs through an unencrypted mobile device. The internet of things has permeated our homes, businesses and everyday lives and an easily accessible cyber footprint could hinder a successful claim if an attack were to occur.
“We are a workforce that works from home and all over the world, so people are carrying laptops and smartphones wherever they go,” said Derigiotis. “If people have a device that’s unencrypted and a breach occurs because they lost that device or it was intercepted, they may find they have no coverage because they did not have the proper steps in place to make sure the device was encrypted.”
Good brokers are not only tasked with identifying gaps in coverage, but also with knowing the appropriate level of limits needed across all the coverage insuring agreements, which Derigiotis said “is often underestimated.”
A significant cyber event can make or break a client.
“If an organisation takes rapid steps to fix the situation and acts properly and in the best interests of their client base, a cyber event can sometimes strengthen a brand,” commented Derigiotis. “Having a calculated cyber insurance policy with no exclusions will help them to do that.”
Related stories:
XL Catlin enhances cyber insurance coverage with new policy form
These businesses continue to underestimate cyber threat