The world of cyber insurance is fraught with peril.
Attorney Charlie Bernier, who practiced insurance defense law before entering the insurance business, said that not all cyber policies are created equal. “The interesting thing about cyber insurance is that the policy does not have a standard format. There is no ISO form for cyber and there are about 50 to 60 carriers doing it right now. Not one policy is the same as another, meaning the same word could be defined differently in two different policies.”
Today, Bernier is corporate counsel and principal consultant in the Professional Liability and Cyber Division of ECBM Insurance Brokers and Consultants of Pennsylvania.
One of the things he said agents need to be aware of is sub-limits. “They end up sub-limiting these cyber policies. So you buy a $1 million cyber policy but the carriers right now are seeing a lot of claims in cyber crime, so they are sub-limiting that at $250,000,” he said.
Bernier said sub-limits are just one of the ways carriers are protecting themselves. He said some carriers put exclusions on policies and that agents and their insureds need to be really careful when filling out applications.
“For instance, encryption exclusions are a big one that you will see on many policies. What this means is that if you are not fully encrypted and you have a breach no matter where the breach is, you won’t be covered by the carrier. They put it in the application where you answer yes or no. If you answer no, you will still get covered, but your premiums will be sky high,” Bernier said. “If you answer yes and it doesn’t end up to be the case, you won’t be covered even though you bought insurance.”
“These are just some of the things people need to watch out for,” he said, advising that agents do what they can to remove sub-limits and exclusions from policies or, at the very least, make sure their clients understand exactly what is and isn’t covered.
While he said agents always need errors and omission coverage of their own, that is especially true when selling cyber coverage. “I have seen incidents where an agent says ‘OK you have cyber,’ but the limits are too low or they don’t have business interruption coverage, and thought they did,” he said.
