Cyber case law: Why all areas of insurance need to take note

The extent and application of cyber policies will impact many lines of insurance

Cyber case law: Why all areas of insurance need to take note


By Lucy Hook

The cyber insurance industry is faced with a rapidly evolving landscape of cybercrime and cyber security, but all lines of insurance could be impacted by cyber claims case law.

The US still dominates when it comes to cyber insurance products, meaning there is not a great deal of case law in the UK.

But as claims increase, many of the issues that will be thrashed out by legal experts will have wider-reaching effects.

Want the latest insurance industry news first? Sign up for our completely free newsletter service now.

There are many concepts and wordings within cyber policies which we still aren’t sure of when it comes to how they will be applied, Hans Allnutt, partner at DAC Beachcroft, where he leads the cyber and breach risk & breach response team, told Insurance Business.

Allnutt, who will be part of a panel discussing cyber claims case law and predictions for the future at the Insurance Law Masterclass in June, explained that the application of cyber exclusions under non-cyber policies will be one of the key areas that case law will help hone.

“When we come to insurance case law in the cyber space, you might get some challenges around the wordings of dedicated cyber insurance policies, but you will get some case law and some challenges from people who thought they had cover under their existing insurance policies for certain losses arising out of a cyber-attack, but in fact they didn’t,” he said.

The question of whether insurers will cover losses arising out of a cyber-attack under non-cyber policies is still a murky one – but the financial exposures could be huge.

Insurers must work out how to insure physicals assets in a virtual world, and the concept of cyber exclusions – as well as how effective they are – is likely to be tested in the courts, Allnutt explained.

And while insurers are comfortable with how to underwrite business interruption in the physical space, the parameters of a cyber interruption – such as how it will be quantified, and how to differentiate between an interruption or a lesser ‘degradation’ – are less clear.

You can hear more from Hans Allnutt at the Insurance Law Masterclass on June 08 at The Grange City Hotel in London.

Related stories:
Ransomware: The good and the bad for cyber insurers 
Only 14% of British SMEs have cyber insurance – study 

Keep up with the latest news and events

Join our mailing list, it’s free!