Insureds ‘exasperated’ by confusing cyber cover says leading broker
Kip Berkeley-Herring, Partner in JLT’s Communications, Technology & Media (CTM) practice group, added that the situation is not helped because insurers seem split over whether cyber cover should be sold as a standalone product or an extension to multiline covers.
Speaking at Advisen’s Cyber Liability Insights Conference last week, Mr Berkeley-Herring said cyber cover frustrates insureds because they struggle to fully understand which risks it transfers.
For example, it is often unclear whether it provides first party or third party cover, or both, and whether it protects against business interruption, including non-physical damage, and incidents involving theft from, or data manipulation by, employees, he explained.
hide
“There are a myriad of heads of cover that actually go into this and I don’t think we as the insurance industry are doing ourselves much good by not explaining them thoroughly and cohesively and clearly to our customer base,” said Mr Berkeley-Herring.
Further confusion is caused by different approaches of insurers, he added.
“There seems to be a disparity in approaches by insurers as to whether this is something that is best served by the creation of a standalone cover or whether it is something whereby existing multiline covers are extended to provide the additional responses that are necessary,” said the broker.
Deciding which route to pursue is no easy task for risk managers. Mr Berkeley-Herring suggested that larger corporates tend to favour extending existing coverage whereas SMEs gravitate towards standalone polices.
“If you buy a standalone policy there is a danger of some kind of overlap or questions over which policy comes first, and which one to make a claim under. Therefore the argument stands that it might be better to see if you can get your existing programmes extended. This seems to be the common approach of the larger organisations-the big corporates that have a tendency towards multiline covers to pick up cyber exposures. But as you move down into the SME market then people are perhaps favouring the standalone cyber policies,” he said.
Clients long for clarity, he continued, and called on the risk transfer industry to get its act together and produce more commonality of response.
“Are we actually creating a new class of business? If so we need to see some kind of commonality in policy wordings and perhaps policies that are put together in a way that the cover is not just for first party, or not just third party exposures, but actually combine those. And then what about the other intangible risks that sit nearby like intellectual property infringement and reputational risk?” said Mr Berkeley-Herring.
Although there is great support for cyber risk transfer at c-suite level the broker said that many risk managers are finding it hard to fulfil this desire because of confusion over risk and subsequent transfer options.
Fellow speaker at the conference, Dr Claudia Natanson, CEO of Security Practitioners, agreed confusion surrounds the cyber liability market, arguing that this is in part because organisations do not fully understand the risks they face. But she also called on insurers to take a more holistic approach to transfer options.
“We understand the threat of the hurricane but we don’t know which part of the house is weak and which part is going to fall down. I think that is one of the things that risk managers aren’t able to do (with cyber risk). That is why a lot of organisations in the FTSE 100 space maybe will self insure,” she said.
“But the insurance world should also think about how we position insurance. Are we selling it as risk mitigating control-is it being sold to mop up every risk. I think now the product has to be so much more holistic,” she added.