Brokers: are you aware of the retroactive conundrum in cyber policies?
Cybersecurity threats are emerging at a rapid pace and existing threats are intensifying tenfold. It’s a fast-growing insurance market worldwide, with many trying to get to grips with how to mitigate cyber risk and deal with the emerging risks that are starting to collate the intangible with the tangible.
The 2018 Cybersecurity Predictions published by Aon’s Cyber Solutions shows the top trends set to impact businesses in the next 12 months. The report is based on trends that Aon’s cybersecurity and cyber insurance experts are experiencing in their work with clients and have seen develop in the broader cybersecurity landscape.
Key predictions include: intensified global regulatory pressures with renewed enforcement of compliance and audit certificate requirements, increased liability claims against directors and officers, more integrated approaches to cyber risk management (as opposed to the silo-driven approach), and greater accountability in general.
Although understanding and awareness is generally on the rise, cyber insurance is not something insurance brokers should “just dabble in,” according to Brian Rosembaum, senior vice president and national director, Legal and Research Practice at ARS Canada. It’s a realm of complex policies with nuanced wordings, variable triggers and subtle differences.
“If a broker wants to be involved in policy placement and advice with respect to cyber insurance, they had better do their homework,” said Rosembaum. “Cyber policies tend to be very nuanced, and there are some common tropes that people often miss.
“One thing we’ve been wrestling with for a few years at Aon – which we’ve now started to get some headway on – is something called the retroactivity of the cyber policy, which looks at what actually triggers coverage in a cyber policy.”
The retroactive conundrum Rosembaum is referring to is effectively the idea that insurers don’t want to inherit a burning building. If a policyholder discovers malware in its systems that existed before the cyber policy was purchased – albeit unbeknown to the insured – then some insurers will refuse coverage.
If insurance brokers and their clients aren’t aware of this retroactivity issue, they could have “a rude awakening down the road” if a cyber claim is made, somebody sues and coverage is denied, explained Rosembaum. The balancing act between two interests (the insurer and the insured) is forever at stake.
“The devil’s in the detail when it comes to cyber insurance,” he told Insurance Business. “Brokers, agents and clients alike all need to drill down and fully understand the policy wording. If left in the hands of someone who doesn’t understand the nuances of the policies, cyber can be a dangerous road to walk.”