#CyberFLASH: Developments in cyber-risk insurance coverage

201310281614240l4j1t1yodou1gmqihww4xc3fCoverage for cyber risks

At one time, organisations may have assumed that losses due to cyber risks were covered under their commercial general liability policies. However, today broad policy exclusions with respect to a host of data-related losses are commonplace. Except for ‘Y2K’ data exclusions which arose at the turn of the century amid fears that electronic devices would fail to distinguish between century years, exclusions with respect to data loss and liability for data loss were generally not contemplated. The typical broad form exclusions found in modern commercial general liability policies have developed partly because of the relative newness of the cyber-risk phenomenon – making it difficult for insurers to quantify the risk and therefore necessary to exclude them – and partly because of the recent proliferation of high-profile and costly incidences. Unlike what turned out to be unfounded fears of a cataclysmic Y2K event, the likelihood of experiencing cyber-attacks, privacy breaches or data loss incidents are now said to be a matter of when and not if. As a result, if an organisation wishes to obtain comprehensive insurance coverage for cyber-related risks, the insurance – to the extent available – must be thoughtfully and deliberately sought.

Cyber-liability policies

Fortunately, due in part to general overcapacity in the global insurance marketplace, insurers and reinsurers are looking to new products as avenues to increase business, and some are willing to take on cyber risk, at least to a limited extent. Specialised cyber-risk insurance policies are now available, and in some instances may specifically be designed to respond to a number of losses due to a cyber-attack or privacy or data security breach. In fact, many are calling cyber-risk coverage one of the fastest-growing insurance products today. However, the scope and limits of coverage will necessarily be subject to the underwriter’s overall risk appetite and ability to quantify the nature and extent of the risks that it is assuming. Therefore, coverage for some types of risk may simply not be available – or the limits offered may be inadequate to cover the organisation’s potential risk exposure.

Read more here

About canux
© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.