Limits and exclusions on existing cyber policies are creating uninsured gaps for businesses across a number of areas.
That’s the opinion of Andrew Bart, Crawford & Co.’s CEO of Asia Pacific, who told the 2017 RIMS Risk Forum Australasia that as the industry learns more about cyber risk, the limitations of traditional coverage become more apparent.
“We are dealing with a risk and an industry in which the plane is being built as we are flying it and therein lies the challenge,” Bart said. “If you look at exclusion 7A in a standard ISR policy it excludes losses of an unauthorised incursion into a computer system and, by definition that is likely to limit the property cover.”
Bart said that as cyber policies are much less uniform than ISR, questions need to be raised on how a cyber policy would respond if a property loss flows on from a cyber incursion.
He also noted that there could be “very significant losses” in relation to limitations and restoration periods linked to cyber. If a cyberattack resulted in the loss of intellectual property or customer lists, for example, Bart noted that businesses could face “very enduring” business interruption losses.
“The benefit is to be broad in the coverage because mitigation is by far the better way to go here,” he said.
With more gaps in coverage coming to the fore, how can brokers best protect their clients from these emerging threats?
According to André Louw, chairman of
JLT in Australia, one way would be for cyber to be treated as an umbrella policy, which sits above traditional covers on a difference in conditions or difference of limitations basis with drop down protection.
“My recommendation would be, as risk managers you get your brokers to design and place the widest cover you can get on property and the different liability classes and, all other things being equal, get those which offer the cyber cover on a primary basis. Then take a cyber policy and treat it almost like an umbrella policy above the rest of the program,” Louw told attendees.
Louw added that insurers will respond better to clients that utilise an umbrella approach compared to those buying cyber “from the ground up on the widest possible basis”. He noted that an umbrella approach to cyber could work because, as a risk, it cuts across a variety of areas of insurance such as property, D&O, and public and product liability.
“The benefit of doing that is you are going to minimise gaps that way, and you are going to get a cheaper cyber policy,” he said.
Related stories:
State reveals cyber strategy
Chubb reveals cyber appointments for Asia Pacific
.jpg)
