4 ADJUSTINGTODAY.COM provisions vary from carrier to carrier, cyber policies often have exclusions for physical damage to the insured’s property, as well as liability exclusions for bodily injury, third-party property damage, professional liability, management liability, and other exposures traditionally insured under other policies. Core operations Compared to auto risk, cyber risk is now much more integrated into the core operations of commercial enterprises and, increasingly, households. To be sure, IT design and maintenance can still be outsourced, but as long as insureds use computer networks to carry out daily activities, it’s virtually impossible to segregate all cyber exposures from other types of exposures. Indeed, with the integration of artificial intelligence and remote sensors communicating through the “Internet of Things” (also known as smart objects), operating decisions are increasingly made without direct human intervention. For instance, a network might operate your lights when you’re away from home and adjust the thermostat as you head home. In the workplace, networks monitor pressure within manufacturing equipment, automatically route shipments, monitor medical patient health, and much more. • If temperature sensors fail because they are hacked and a fire results from overheated equipment, where does the cyber loss end and the fire loss begin? How could you tell in a smoldering ruin? • What type of loss is it if a GPS app is disabled or manipulated to misdirect a shipment into the hands of cargo thieves? • If a professional utilizes artificial intelligence in decision-making and it turns out that certain information was corrupted, how do you deduct the cyber share of resulting losses from losses attributable to professional liability? Similarly, how does one distinguish between a public company’s cyber loss from a ransomware attack and the liability of directors and officers for allowing the attack to happen? In light of questions like these, attorneys for Anderson Kill, a prominent law firm that advocates for insureds, attempted to clarify the issues. They argued that whatever cyber-related exposures are excluded from other policies should be shifted to more expansive cyber policies. In 2019, they wrote: “If insurance companies begin a concerted effort to remove ‘silent’ coverage for cyber-related claims from policies protecting against bodily injury, property damage, first-party property [loss], business interruption, maritime and marine cargo insurance claims, then that protection will need to be found under cyber policies that provide more robust coverage than is presently the norm.”2 Five years later, there is little indication that cyber policies are being extended to cover such claims. One key exception is the recent introduction of contingent coverage for bodily injury and property damage liability in some cyber policies. Cyber premium and provisions From the mid-2010s until recently, there has been soaring growth in the amount of premiums derived from cyber coverage written on standalone policies. Growth in premiums derived from “packaged” cyber coverage — provided in conjunction with other coverage (i.e., businessowners policies) — is slower. The percentage of cyber premiums derived from Simply put, there are risks associated with what you do and where you do it, then there are risks associated with the vehicles and automation you use to do it — which may or may not be your own.
RkJQdWJsaXNoZXIy NjIxNjMz