[Skip to content]

Sign up for our daily newsletter
The Actuary The magazine of the Institute & Faculty of Actuaries

Property insurance policies exposing businesses to growing cyber risks

A growing number of UK commercial property insurers are removing all elements of technology–related cover from their policies, exposing businesses to greater cyber risks.

UK businesses facing 'silent cyber' risks ©Shutterstock
UK businesses facing 'silent cyber' risks ©Shutterstock

That is according to new research from governance experts Mactavish, which found that many companies are being told that they have to buy separate cyber cover.

This is despite the cyber insurance market lacking sufficient capacity to write large-scale property risks, leaving businesses unknowingly exposed and under-insured in this area.

Mactavish said that Lloyd’s of London and the Prudential Regulation Authority asking for greater clarity over what policies cover in relation to cyber has driven the “alarming” trend.

"While we welcome attempts to bring greater transparency, the redrafting of many policies is leaving clients under-insured," said Mactavish technical director Rob Smart.

"Some of the new wording we are seeing goes far beyond the intent of the Lloyd’s mandate.

“It means clients are no longer covered in areas such as loss of data from flooding or a fire, for example – even if it’s not related to a cyber attack."

One reworded policy reviewed by Mactavish excluded all losses “indirectly contributed to by” IT or data failure, “regardless of any other cause or event contributing” to a loss.

The researchers said that tech-related cover is being removed outright, and that this “black and white approach” fails to recognise the role of technology in almost every business.

This comes after CyberCube warned last year that insurers will have to change their modelling techniques to identify “silent cyber” risks hidden in traditional policies.

The analytics firm said that concern among reinsurers will compel cedants to eliminate ambiguity in primary insurance contracts, such as business interruption covers.

“Insurers are findings themselves squeezed between regulators and reinsurers, who both want non-affirmative cyber risk to be tackled,” said CyberCube co-founder, Ashwin Kashyap.

“The potential cost implications of failing to address it are frightening.

“Global standalone cyber premiums are estimated to be in the region of £4.2bn, but the connected exposure from silent cyber is higher by an order of magnitude.”

Sign up to our free newsletter here and receive a weekly roundup of news concerning the actuarial profession