Broker Check

"Silent Cyber" and the Risk of Coverage Gaps

January 24, 2020

As Cyber insurance becomes more widespread, insurers are addressing "silent cyber" - traditional policies that do not explicitly exclude cyber risks but were not intended to cover them. 

Today virtually all General Liability policies include some type of endorsement excluding cyber risk, with or without exceptions for traditionally covered injuries. Property policies are less likely to have explicit exclusions, leaving open the possibility that physical damage resulting from a cyber attack will be covered. (Business interruption will be limited to a low sub-limit for "interruption of computer operations".) When Crime is covered by a stand-alone policy or coverage form, computer crime insurance is offered, but extensions to Property policies may be silent."Management" coverages such as Directors and Officers Liability could arguably be said to cover claims arising from cyber incidents that fall within the insuring agreement, in the absence of specific exclusions.

Insurers in the United States, London and Europe are taking steps to clarify that policies explicitly exclude or cover cyber risks. There is a possibility that overly broad exclusions will create gaps covered neither by traditional nor cyber policies.

A recent memo from the Covington law firm (discussed by Kevin LaCroix in The D&O Diary(htpps;//www.dandodiary.com/2020/01/articles/cyber-liability/addressing-silent-cyber-and-the-risk-of-coverage-gaps/) makes a number of recommendations for policyholders: 

  1. Review traditional policies at renewal for new exclusions or limitations. The memo also advises policyholders to resist new exclusions; with a hardening insurance market this may not be feasible.
  2. Harmonize traditional and cyber policies to be sure there are no gaps.
  3. Consider purchasing broader Cyber coverage to replace exclusions in traditional policies.
  4. Use alternative risk transfer mechanisms such as contracts or captive insurance.
  5. If a cyber incident occurs, notify all insurers.

If you are unsure about the extent of your coverage for cyber related claims, Beacon will be glad to do a through coverage review with recommendations.