Brokers searching for cyber-insurance for their clients would be best to find a policy that expressly covers data breach or privacy risks instead of handling coverage by way of endorsements onto non-cyber policies, a Marsh brokers says.
An A.M. Best webinar noted a number of different cyber liabilities requiring coverage, including data breaches due to hacking or employees; tech disruptions that lead to business interruption; online postings that lead to libel/slander; wrongful data collection; and vicarious liability due to breaches of data outsourced to third parties, to name a few.
John Weber of A.M. Best said some companies offer cyber coverage through “a myriad of endorsements” that attach to non-cyber policies such as business owner policies, general liability policies, professional liability policies and/or D&O policies.
But unless the policy expressly says it covers cyber liabilities, a client should assume they aren’t covered, said Robert Parisi of Marsh FINPRO.
“There’s the old saying that a camel is a horse built by committee,” Parisi said. “You want your insurance policy to say what it covers and what it doesn’t cover – and you want it to say that expressly.
"Don’t expect you homeowner’s policy to cover you for hospitalization. Don’t expect you auto policy to cover you for your worker’s comp. You shouldn’t expect other policies to morph into something that they’re not.”
Parisi said cyber risks are very specific risks, which require very specific underwriting expertise. He essentially warned brokers not to entrust coverage to insurance companies that do not specialize in underwriting cyber policies.
