Listen up – You might have a Silent Cyber Risk problem

By Meghan Schaber

Listen up – You might have a Silent Cyber Risk problem

Silent Cyber Risk is a new, emerging term that most outside of the insurance industry have never heard. What is Silent Cyber Risk and why is it gaining so much buzz in the insurance industry? In short it’s a term that speaks to the complex chain of liability that cyber threats can entail. Your approach to Cyber Liability may not be ready.

Press coverage following high profile cyber incidents like the Equifax breach, WannaCry and NotPetya attacks firmly ensconced “Data Security” and “Cyber Risk” in the public lexicon. When most people think about Cyber Risk, however, they typically think about the privacy issues that have come to light in these well publicized incidents.  However, Cyber Risk is now more than just a privacy issue

Whenever personal identifiable or confidential information is potentially exposed there are certain regulatory obligations that necessitate an investigation. This is an exposure for any business regardless of their nature of operations.  Think about the following scenario: An e-commerce retailer wants to be able to deliver packages with the help of drones. Faster delivery is a laudable goal, but what if those drones were hacked and infected with malware? The horrible scenarios are endless; packages being dropped mid-air causing pedestrian injuries and car accidents, not to mention the package being destroyed, drones careering into buildings or power lines, etc.

Now, with that scenario in mind, what insurance policy or policies would respond? A Cyber Liability policy might help with the initial breach investigation or business interruption claim but what about all bodily injury or property damage. Most Cyber Liability policies exclude bodily injury and property damage. So, this type of attack could involve several policies, including Cyber Liability, Auto, General liability, and Property. When the coverage is not explicitly excluded or included, insurance buyers can lack coverage certainty.

Cyber Liability insurance policies typically exclude the aforementioned risks and traditional policies such as General Liability are not always clear on whether they are providing coverage. The issue is even greater on Property policies which are written as “All Risk” policies. All Risk policies, as the term implies are meant to cover everything except what is specifically excluded. Until recently, most insurers did not see a need to exclude Cyber Attacks but as our reliance on technology increases and losses mount, insurers are looking to affirmatively exclude these risks on some Property & General Liability policies.

Although the drone delivery hypothetical sounds a little futuristic today, consider the internet-connected systems and devices we currently deal with on a daily basis: navigation systems, industrial control systems, home security systems, building fire alarm systems, traffic and elevators can now all be targets. The so called Internet of Things is emerging all around us and is vulnerable. Insurers and their policies will need to adapt.

In a dynamic risk environment, details matter more than ever. Insurance companies are sorting their way through the complexity of Cyber Risk and Silent Cyber Risk and liability. Policy terms are in flux, making expert understanding of, and coordination between, policies more important than ever. A specialist broker can manage the process of identifying Silent Cyber Risk gaps in an insurance program, spotting exclusions that could limit coverage, locating cyber insurers willing to address coverage on a cyber liability policy, and ensuring the intended response across your entire coverage portfolio.

The contents of this article are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client.