2 ADJUSTINGTODAY.COM The ‘silent cyber’ problem “Silent cyber” refers to losses arising from “cyber perils” that might be covered under property and liability policies that were never intended, written, or priced to cover such losses. Cyber perils include, under various labels: • Hacking: A unauthorized intrusion into a computer network, constituting a “breach” of information stored on the network - even if the information is not accessed, stolen, or used. • Social engineering: Schemes to trick legitimate system users into transferring funds, providing confidential information, or allowing access to unauthorized individuals. • Denial of service: The use of malicious coding (“malware”) or other means to prevent an organization from accessing its own systems and/or data. • Cyber extortion: Demands for money in exchange for restoring access to compromised systems and/or data. In addition to these intentional threats to data and networks, cyber risks also entail losses arising from accidental data compromises and unintentional transmission of computer viruses. In 2019, the Lloyd’s Market Association (LMA) issued a directive to its members to eliminate “silent cyber” coverage in non-cyber policies. The direction was prompted by regulators in the United Kingdom. LMA directives have great influence on global insurance markets, especially among nonadmitted carriers who underwrite most cyberinsurance. Led by Lloyd’s, insurers throughout the world are striving to restrict coverage for “cyber-events” to policies providing “affirmative” cyber-coverage that is specifically written and rated to address cyber-hazards.* Auto risk analogy Efforts to eliminate “silent” cyber coverage and establish “affirmative” cyber coverage reflect reasoning that considers cyber perils as distinctly different from risks insured by Increased business automation has resulted in a substantial increase in cyber-risks for all businesses, large and small. According to Allianz Risk Barometer 2024, cyber-incidents are the primary global risk, surpassing business interruption and natural catastrophes, which are second and third respectively. Businesses are at great risk of loss should any of the systems they rely on fail. These events highlight the need for businesses to purchase cyber-insurance and understand how to use it. All insurance policies are complex, but cyber-policies take things to a new level. For example, insurance policies have defined terms that dramatically change how the policy is to be interpreted and applied. The Insurance Services Offices (ISO) – the nation’s leading property/ casualty advisory organization – lists only three defined terms on its business and personal property form. In comparison, ISO’s cybercoverage form has 25 defined terms. And the most common cyber insurance policies in use often have over 100 defined terms. Understanding how to apply the terms of a cyberpolicy to cyber-related event is best left to an experienced team of professional trusted advisors. The insured’s broker, attorney, accountant, risk manager and public adjuster bring valuable knowledge and experience to the process. Failure to properly identify goals, strategize and submit a cyber-claim that doesn’t meet the conditions of the cyber-policy might well prevent a full recovery. Of course, the first step in protecting against cyberrisk is having a comprehensive cyber-insurance policy. This issue of Adjusting Today examines the evolution of cyber-coverage, from the noweliminated “silent-cyber” coverage to the current cyber-policies. It also addresses the multitude of risks that may be covered under these policies, including crime, liability, property – and even media and reputational harm. This article provides practical information that is useful in navigating the ever-changing world of cyber-risks. Enjoy! Ethan A. Gross, JD Editor
RkJQdWJsaXNoZXIy NjIxNjMz