19. November 2020 Problem Silent Cyber: Insurance customers threatened with exclusion
Silent Cyber is currently a highly explosive topic in the global insurance market. Under this buzzword, both insurance companies and insured persons are dealing with the question of whether conventional insurance policies (such as property or liability insurance) also cover damage caused by cyber attacks. Whether and if so, to what extent, is the question. Is cyber damage possibly covered tacitly (“silent”)? The topic has gained extreme momentum due to the rapidly increasing number of cyber incidents.
The danger for insured persons: hard liability exclusions threaten
“In cyber damage, a risk that is usually difficult to calculate in advance lurks. Both for the insured and for the insurers. Expensive incidents in the last months force insurance companies to define clear demarcations,” explains Michael Spörlein, sales manager of EUROASSEKURANZ Versicherungsmakler AG. In fact at present some insurers are uncertain how to deal with the cover in case of an upstream cyber damage. It is also being discussed which cyber risks are insurable at all.
Cyber attacks can take on an almost infinite scale and scope: Data that is deleted or encrypted, robots that stand still or perform wrong actions due to a virus, hacked GPS systems that misdirect automated vehicles, people who are harmed by the malicious malfunction of a software. Cyber risks exist on a broad front. Cases where funds are withdrawn from accounts by criminals through phising are almost harmless against such devastating scenarios. In recent years, cyber damage has run into the billions.
What is likely to change for companies?
Cyber risks have now become a mainstream risk, as Allianz, for example, the major insurer, puts it in a nutshell*. In the Allianz Risk Barometer, cyber risks have risen steadily over the past eight years and are ranked as the most important global business risk for the first time in 2019.
Silent cyber exposures in conventional property and casualty insurance understandably cause discomfort for customers, brokers and insurers alike. It is not in the interests of policyholders to find themselves underinsured if the worst comes to the worst. Nor will insurers be able to permanently assume risk situations that have not been priced in. So all sides would do well to be more precise about cyber risks.
Solutions and approaches are currently being discussed in the insurance industry in various expert committees. There will not be one single solution. Cyber risks will have to be defined and specified in the wording of the terms and conditions, if this has not already been done. As far as policyholders are concerned, these conditions will probably differ according to specific line of business, market and environment.
Michael Spörlein: “We would like to make companies aware of the challenge that Silent Cyber poses. My recommendation: have our experts review your existing property and liability policies, discuss your potential risks with us and also find out about special Cyber IT policies”.