A Collection is a selection of features, articles, comments and opinions on any given theme or topic. It allows you to stay up‑to‑date with what interests you most.
Login here to access your saved articles and followed authors.
We have sent you an email so you can reset your password.
Sorry, we had a problem.
Tags related to this article
Published 28 julio 2017
Many of us have thought or heard that cyber risk is the new natural catastrophe (Nat Cat). While this may be the case for some insureds, others have very low chances of facing a massive exposure.
Jurisdiction, type of data, nationality of users/clients, legislation, industry, security standards, service providers, software tools, production standards, covers and extensions, and the type of breach, are all factors that will have implications on the degree and extents of a loss.
As more and more cyber insurance products are sold in the market, underwriters will most likely pursue the development of more creative, innovative and comprehensive covers.
We see underwriters developing policies that include cover for the breaches suffered by vendors or service providers. There is also a move towards the inclusion of Contingent BI covers, or D&O, E&O, product liability and/or computer crime extensions; mimicking the ones we are used to seeing within general liability policies.
Insurers may seek new niches for business but also must be fully aware of the impact that new covers will have in their exposure, this is, because in today’s digital economy the cyber risk is always on the rise.
To illustrate this, we bring to your attention some examples and their collateral risk scenario:
Avoiding a catastrophic cyber scenario requires that insurers carefully choose their business strategy, developing innovative products that complement but not aggregate risks to their exposure. We recommend that insurers consider a business strategy that diversifies risk using economy of scale approach offering all members of a supply chain discounted products, instead of aggregating their risks to a single cyber policy.
Strategic approach will not only depend on the policy wording and exclusions, but also on the approach used while assessing risks. As absurd as it may seem, many policies and proposal forms require or inquiry about “audits”, not referring the nature or standards of them. Very few proposal forms question the existence of certifications and almost none of them include condition precedents requiring compliance with a specific security standard of the IT industry.
We still need to learn more about the risks posed by the cyber industry, part of this is due to the lack of information, the constant development of new IT products, the lack of cyber insurance products, the lack of precedents and laws addressing IT risks, beyond privacy. A prudent approach requires not only to avoid aggregation, but also having legal and IT experts involved in the development of any cyber product, as well as in the attention of any cyber claim.
London - Walbrook
+44 (0) 20 7894 6925
+44 (0)20 7894 6577
+44 (0)20 7894 6930
Vladimir Rostan d’ Ancezune
Sally Roff, Stefan Desbordes
David Williams, Peter Allchorne, Barrie Hall
Clare Hughes-Williams, Catrin Davies, Naomi Park, Sophie Ruffles
Emma Fuller, Jade Batstone, Daniel Miller
Sally Roff, Chris Baranowski
Charlotte Le Maire
Andrés Amunátegui Echeverría, Sascha Stullenberg
Peter Allchorne, David Williams
Richard Highley, Julian Bubb Humfryes
Mark Roach, Rebecca Austin
David Williams, David Johnson