Lloyd’s Moves to Address Silent Cyber Risk

Mandating that all non-affirmative policies provide clarity regarding cyber coverage
By Rob Boyce

We highlighted Willis Towers Watson’s 2018 Silent Cyber Risk Outlook, which showed that concerns about silent cyber, or non-affirmative cyber risk—“potential cyber-related losses due to silent coverage under insurance policies not specifically designed to cover cyber risk”—were industry-wide. Again in November, we featured a Leader’s Edge interview with Prashant Pai, vice president of cyber offerings at Verisk, in which he discussed how Verisk was planning to partner with Capsicum Re in order to better model the unique threat.

Now Lloyd’s of London, the specialist insurance and reinsurance market, is also taking steps to mitigate silent cyber. According to a recent Lloyd’s market bulletin, “Lloyd’s is mandating that all non-affirmative policies provide clarity regarding cyber coverage by either excluding or providing affirmative coverage.” Here, Lloyd’s defines cyber risk as “any risk where the losses are cyber-related, arising from either malicious (e.g., cyberattack, infection of an IT system with malicious code) or non-malicious acts (e.g., loss of data, accidental acts or omissions) involving either tangible or intangible assets.” Non-affirmative policies is defined as policies “where no [cyber] exclusion exists and there is no express grant of cyber coverage.”

This mandate follows guidance from the Prudential Regulation Authority (PRA), the UK’s financial services watchdog. The PRA wrote to insurers in January 2019 regarding the results of their follow-up survey of insurance firms under their purview and industry associations about silent cyber.  Survey results showed there were “areas where firms can do more to ensure the prudent management of cyber risk exposures,” and the PRA made clear that it expected insurers to have action plans targeted at reducing the exposure caused by non-affirmative cyber coverage.

Lloyd’s will require that all first-party property damage policies written on or after January 1, 2020, conform to the new mandate. Additionally, for liability lines and treaty reinsurance, the requirements will come into effect during 2020/2021.

Rob Boyce Director, Market Intelligence & Insights Read More

More in P&C

Private D&O Market Ripe for Opportunity
P&C Private D&O Market Ripe for Opportunity
Brokers play a critical role in helping clients understand the coverage and bene...
Sponsored By The Hartford
P&C Ready? Set. Flood.
Homeowners need mitigation before the storm, and insurance is willing to pay.
Risk Assessments Are the Best Checkup
P&C Risk Assessments Are the Best Checkup
Are you adequately tracking the health of your cyber-security program?
Insuring Screams
P&C Insuring Screams
Now that it is finally October, we decided to tap into the spooky side of our in...
Flood: It's Not Just a Coastal Problem
P&C Flood: It's Not Just a Coastal Problem
Consumers, brokers and everyone else are desperate for trans...
Q&A with Austin Ledgerwood of Cover Genius
P&C Q&A with Austin Ledgerwood of Cover Genius
When people stop buying cars, they’ll still need insurance...