Cyber & Data cover is still relatively new for insurers, and it’s constantly changing. Different terminology continues to come into play, determined by the ever-evolving landscape and the threat of cyber criminals. Over recent years, it has developed to be more comprehensive, combatting digital exposures with a standalone product.
Due to the wide range of vulnerabilities linked to cyber exposure (property damage, mental and physical injury to third parties, and pollution, to name a few), the wording for such cover can often be unclear. This creates uncertainty for both the insurer and the policyholder, and is known as ‘Silent Cyber’.
Here, we explore Silent Cyber in more detail, and highlight how new regulations are helping to bring about positive change.
What is Silent Cyber?
Silent Cyber is the term given when the cyber risk isn’t specifically covered or excluded in your insurance policy, resulting in ambiguity.
In the event of a claim, this lack of clarity can place policyholders in a vulnerable position. They may have to follow costly and time-consuming claims processes, not to mention possible repudiation that leaves them uncovered altogether.
Why is it changing?
Exposure is carefully analysed by insurers who use actuarial functions to calculate risk, adequacy of premium income, and profit. Silently providing cyber cover within policies adds in unknown exposure and potential claims costs (whether covered or not), and also damages profitability.
Back in 2019, the Prudential Regulation Authority (PRA) provided guidance on this topic, raising its concerns and instructing changes that would make policies clearer. Following this, Lloyd’s of London requested that insurers address such exposures with a mandate. And many others followed suit, setting up timescales for insurers to complete their reviews by July 2021.
How does this affect you?
Insurers change policy wordings all the time, so this isn’t anything new. Each renewal, they’re obliged to inform you of any updates. Some even provide ‘summary of change’ documents, highlighting any positive or restrictive alterations.
As a result of these latest changes, non-cyber policies will be redefined regularly. This often makes them narrower, as such cover isn’t intended to inadvertently provide protection in the event of cyber exposures.
Up until now, the main changes have been to remove or limit cover on liability or property policies. That’s because Professional Indemnity policies traditionally provided some protection against liability claims that arose from data breaches or other cyber incidents. And while we expect this to continue for a little while longer, it could change in the medium term.
For some, it might feel like insurers are looking to exclude all cyber risk. But that isn’t necessarily the case. The aim is to provide transparency on coverage so that everyone knows where they stand.
What should you do?
When taking out a new policy or renewing an existing one, we strongly recommend that you check the details and review any changes to see how they might affect you. It’s also worth discussing this with your broker or insurer, so you can better understand what is and isn’t covered.
The best way to protect the cyber exposure of your business is with specialist Cyber & Data insurance. Not every provider covers all vulnerabilities, but with the right guidance, these focused policies can help transfer a significant proportion of your exposure.
How can RiskBox help?
We live and breathe insurance. And when it comes to Cyber & Data cover, we can place you with an insurer that offers some of the most comprehensive policies on the market.
Not only do we meticulously vet all the providers we recommend, we also check every new policy that gets released to ensure our clients are appropriately covered. What’s more, we partner with industry-leading voices to help us stay up to date on the latest cyber trends.
Like the sound of our approach? Get in touch with a member of the team on 0161 533 0411, or fill in our contact form and we’ll get back to you.