Lloyd’s Moves to Address Silent Cyber Risk

Mandating that all non-affirmative policies provide clarity regarding cyber coverage
By Rob Boyce Posted on July 11, 2019

We highlighted Willis Towers Watson’s 2018 Silent Cyber Risk Outlook, which showed that concerns about silent cyber, or non-affirmative cyber risk—“potential cyber-related losses due to silent coverage under insurance policies not specifically designed to cover cyber risk”—were industry-wide. Again in November, we featured a Leader’s Edge interview with Prashant Pai, vice president of cyber offerings at Verisk, in which he discussed how Verisk was planning to partner with Capsicum Re in order to better model the unique threat.

Now Lloyd’s of London, the specialist insurance and reinsurance market, is also taking steps to mitigate silent cyber. According to a recent Lloyd’s market bulletin, “Lloyd’s is mandating that all non-affirmative policies provide clarity regarding cyber coverage by either excluding or providing affirmative coverage.” Here, Lloyd’s defines cyber risk as “any risk where the losses are cyber-related, arising from either malicious (e.g., cyberattack, infection of an IT system with malicious code) or non-malicious acts (e.g., loss of data, accidental acts or omissions) involving either tangible or intangible assets.” Non-affirmative policies is defined as policies “where no [cyber] exclusion exists and there is no express grant of cyber coverage.”

This mandate follows guidance from the Prudential Regulation Authority (PRA), the UK’s financial services watchdog. The PRA wrote to insurers in January 2019 regarding the results of their follow-up survey of insurance firms under their purview and industry associations about silent cyber.  Survey results showed there were “areas where firms can do more to ensure the prudent management of cyber risk exposures,” and the PRA made clear that it expected insurers to have action plans targeted at reducing the exposure caused by non-affirmative cyber coverage.

Lloyd’s will require that all first-party property damage policies written on or after January 1, 2020, conform to the new mandate. Additionally, for liability lines and treaty reinsurance, the requirements will come into effect during 2020/2021.

Rob Boyce Director, Market Intelligence & Insights Read More

More in P&C

Senior Living Facility Warning Flags
P&C Senior Living Facility Warning Flags
Technology helps predict COVID-19 outbreaks.
P&C The Next Pandemic
COVID-19 data modeling and granularity may lead to small pieces of coverage that...
Put Incident Response Front and Center
P&C Put Incident Response Front and Center
The lack of a fully developed and tested cyber response plan can cause a range o...