A report issued to the association’s members details how some traditional lines of business might provide cover for the ever-expanding scope of cyber threats. But other scenarios show how common exclusions, not necessarily aimed at such perils, mean cover is not provided for cyber losses in situations where it might be expected.
In ‘Cyber Risks and Insurance – an introduction to cross class liabilities’ several possible claims scenarios are analysed. The paper, produced in conjunction with Norton Rose Fulbright LLP, also summarises the development of data protection rules and discusses the market for dedicated cyber insurance policies.
Chris Jones, IUA Director of Market Services, said: “Professional indemnity and D&O are two areas where it is possible to envisage situations in which, directly or indirectly, cover is provided for certain types cyber risk. Yet clients may not be fully aware of the scope of underwriting in these lines.
“Conversely, in marine and aviation business, for example, it can be seen that fairly standard policy exclusions may operate to limit the scope of cover in relation to cyber perils. Cyber-specific wordings and products, therefore, many be an effective way of filling the gaps of cover which exist in conventional lines of insurance.”
The report shows how separate cyber insurance cover - through extensions in existing policies, drop-down cover and comprehensive standalone policies - has evolved to reflect the emerging risk landscape. Also included within the publication is a ‘cyber key facts’ paper, information on reported cyber incidents and mitigation steps for insureds. It is available at www.iua.co.uk/cyber.
Mr Jones added: “Cyber risk has been described as the biggest, most systemic risk facing the insurance market in the last half century. Legislators worldwide are taking an increasing interest in this area and organisations are having to meet ever higher standards of risk management.
“The London company market is playing a leading role in developing insurance solutions and there are extremely high levels of engagement across the two cyber risk communities run by the IUA.”