13 July 2021

Despite Cyber Insurance being a relative newcomer to the market, its evolution has been rapid with many Carriers working on versions three and four of their Policy wordings.

Cyber has not entirely escaped the effects of the hard market affecting the Property and Casualty classes although rates are certainly on the rise and capacity has become more selectively used.

None of the above is helped of course by the continued increase in claims trends both by number and amount with Ransomware and Extortion leading the charge.

What is changing in the cyber insurance market

One worrying development has recently been the announcement by AXA France, the Country’s largest general insurer, that it will no longer reimburse ransomware payments for customers within the country. These terms apply to new insurance policies going forward.

This move also coincides with other Governments who are considering the idea of banning ransomware payments as a means of stemming the rising tide of attacks by cutting off available funds

Ransomware has seen a global increase during the pandemic, but France has been unusually hard-hit and is second only to the United States with claims in the last 12 months totalling $5.5 billion in both ransomware payments and recovery costs.

Here in the UK there has been no action so far with Insurers focusing more on increased protection and risk management now in terms of deciding whether Ransomware/Extortion cover should be given rather than exclusions for all policies.

Silent cyber 

The other significant development within the Cyber market is the treatment of Cyber Coverage in Property and Casualty Insurance Programmes. This topic is commonly referred to as Silent Cyber.

Businesses will face more restrictive exclusions in respect of cyber incidents causing loss, injury or damage within their property and casualty policies.

This has been brought about following guidance issued to all Insurers and Lloyds Underwriters by the Prudential Regulatory Authority (PRA) and Lloyds of London and is referred to as the LMA clause 5400.

Lloyd’s issued a market bulletin mandating that all policies must be clear on whether coverage is (or is not) provided for losses caused by a cyber event.

Unfortunately this mandate has led most insurers to apply exclusions rather than to affirm cover. 

Cyber exclusion case study 

In terms of coverage certainty perhaps the clearest example of its operation would be as follows:

Hackers take control of a business IT System. The system controls ovens which are maliciously allowed to overheat ,explode and start a catastrophic fire. Previously this would be fully covered under the Material Damage (and Business Interruption policy)

Depending upon the wording of the LMA 5400 Malicious Cyber incidents of this nature would be excluded.

No cover is provided in any event under the Cyber Policy (if in existence)

Most property damage and business interruption covers underwritten on an “all-risks” basis provide cover for damage unless expressly excluded.

All policies of course have a number of exclusions or limitations, many already excluding certain types of damage to computer systems and electronic data.

It is recommended that you engage with a Broker who understands the implication of these developments to assess whether fire, explosion and other perils are covered and if so what is the extent of the coverage.

Contact us 

Verlingue’s Cyber Practice would be delighted to engage with you on this exercise. If you would like further information please contact Verlingue Technical Director, David Cobb.