Current technology now allows the internet to permeate almost every aspect of daily life. Thanks to the Internet of Things (IoT), we now live in a world where even the most mundane objects can be embedded with hardware that allows them to communicate with each other.
While businesses could also benefit from the IoT, this interconnectedness can put cyber insurers on the hook for property damage once these “smart” systems get compromised.
Rather than arguing whether cyber or property insurers should cover IoT-related losses,
CFC Underwriting international cyber team leader Lindsey Nelson believes both groups should work together.
“I think there’s a misconception, in the age of the Internet of Things (IoT) and with everything being connected and with technology [being] a piece of everything that we do these days … you can’t just say that because they use technology that that [means it] is a cyber risk,” Nelson said.
“[Because] then you’re asking cyber to pick up every exposure, whether it be terrorism or property damage or crime – it can’t just fall under cyber because there’s no other policy that will be willing to understand the exposure and underwrite to it.”
Nelson believes that current business risks are so complex and multifaceted that it would be wrong to make cyber insurance handle everything that vaguely involves data and computers. Other markets need to pitch in – in particular, the property market.
She warned that a major cyberattack that manages to damage property at a global level could potentially spell the end for the cyber market.
“Any major manufacturer, large industrial company, or energy or utilities company that is reliant on software automation … which is, in reality, almost everybody in this day and age … it could take one insured loss [for a company with billions of dollars’ worth of assets] to take out the whole entire market,” she remarked.
To save the cyber market from being overwhelmed, Nelson believes that the property market’s CL380 exclusion, which names cyber risks as exclusions, should be done away with.
“What they need to do in order to remove that exclusion is actually just understand the exposures … and that will take a combination of working with the cyber market in order to be able to write them,” she says. “We’re not blindly saying, ‘You pick it up, it’s not our responsibility.’ I think it takes a combination of the two markets coming together and understanding the exposures.”