Remember when Lloyd’s of London requested clarity of coverage for cyber exposures in all insurance policies to address the issue of silent cyber? It was seemingly for the best interest of everyone involved… but now it is being suggested that the move has brought about unintended consequences.
According to insurance governance expert Mactavish, it is witnessing a significant increase in UK commercial property insurance policies removing all elements of cover that relate to technology. Data loss or IT meltdowns, for instance, will not be covered even if they come about due to, say, a fire.
“This alarming trend has been prompted by UK insurance bodies the Prudential Regulation Authority and Lloyd’s of London mandating greater clarity over what commercial property insurance policies cover in relation to a cyberattack,” claimed Mactavish.
“Many clients are now being told that even loosely tech-related elements of cover in their commercial property insurance cover are being removed outright, and they will now have to buy separate cyber cover to insure against these risks. Yet this black-and-white approach fails to appreciate the integral role technology plays in almost every business today, and the cyber insurance market lacks sufficient capacity to write large-scale property risks.”
Mactavish asserted that these changes to commercial property insurance policies are resulting in under-insurance. To illustrate, it cited a policy that had been reworded to exclude all losses “indirectly contributed to by” IT or data failure “regardless of any other cause or event contributing” to the loss.
“While we welcome attempts to bring greater transparency to the insurance market, the redrafting of many commercial property policies is leaving clients under-insured and exposed to a range of broadly ‘tech-related’ risks which they had believed would be covered,” stated Mactavish technical director Rob Smart.
“Some of the new wording we are seeing goes far beyond the intent of the Lloyd’s mandate, and it means clients are no longer covered in areas such as loss of data from flooding or a fire, for example – even if it’s not related to a cyberattack.”
