Silent cyber is a widely debated subject in the cyber insurance industry, but many companies do not understand what it is or how it impacts them. Vista has prepared a Frequently Asked Questions reference sheet to boost our clients’ knowledge of cyber threats, share advice and ensure that you are well protected.
What Is Silent Cyber?
Silent cyber applies to possible cyber risks found in conventional property and liability insurance plans, that do not implicitly contain or exclude cyber risk. It is also referred to as cyber ‘non-affirmative’.
Unlike stand-alone cyber insurance, which clearly defines the parameters of cyber coverage, many traditional policies (e.g. property and casualty) do not specifically refer to cyber security and could theoretically be assumed to pay claims for cyber losses under certain circumstances.
Why Are Insurers Concerned About Silent Cyber?
Insurers and regulators are concerned that silent cyber can pose a significant, unexpected risk to the portfolios of insurers. A non-affirmative insurer would not have recognised the possible cyber risk unintentionally protected and would thus not have: measured the increased exposure of the policyholder, changed the premium, or evaluated the potential risk aggregation of its own portfolio.
Why Is Silent Cyber a Concern for Policyholders?
Lack of clarification in some standard property and casualty plans can also lead to uncertainty or misunderstanding about cyber risk coverage. Some businesses will assume that they have sufficient cyber risk coverage, when in fact they do not. Additionally, the non-affirmative wording of the conventional insurance contract could be subject to varying interpretations by the insurers, which may lead to legal conflicts.
What Changes Are Insurers Making?
Insurers are taking measures to resolve this issue, some mandated by regulators, to explain their coverage intent regarding cyber. Some insurers have explained their purpose to cover cyber threats by identifying them and then removing them from non-cyber policies. Some implement new policy terminology and guidelines; others, such as Lloyd’s, are requiring insurers to either specifically exclude or include cyber risk in their conventional lines policy wordings, as of January 2020.
What You Should Do
These changes may affect how cyber perils are covered, or not covered, under existing insurance programmes. You need to carefully review your current policies and examine any exclusion proposed by your insurers, as several silent cyber exclusions may be overly broad.
Depending upon the insurance product and the insurer, you may be able to purchase affirmative cyber coverage under a non-cyber policy. In many cases, however, a standalone cyber policy may be the best solution to ensure coverage and fill gaps resulting from a silent cyber exclusion.
Contact us today to arrange your cyber cover.