Cyber risk cover: Time to be more specific

Cyber risk could be defined as any risk resulting from doing business in the digital realm. Some of these risks will already be covered under current policies, whereas other events require specific cyber insurance. Where do the more conventional types of cover end and where does cyber insurance begin?

The growth of cyber risks is extending the boundaries of those areas requiring specific cyber cover. If companies fail to keep pace with this development, they may think they are covered for more risks than they really are. The implications of that can be extremely serious if they apply to something major, such as business interruption with an exclusion for cyber incidents.

Risk departments need to review their policies and establish a clear picture of what is insured. Then they can determine their exposure and decide whether to transfer additional risks. Insurers can support this process if necessary.

The whole cyber area is relatively new and it lacks an industry-wide framework, terminology etc. For example, cyber risks are still not coded in a consistent way. Moreover, codification is a big challenge as the risks are always changing. Then again, not having codification is also challenging.

Ultimately, the responsibility for codifying risks lies with the insurance sector. However, in the interim period companies can help themselves (and their insurers) by maintaining a detailed framework with clear and detailed categories for recording cyber incidents. Combining the database information with the results of a cyber risk assessment will give a much improved picture in terms of exposure.

While companies do need to act independently in documenting their incident history and vulnerable areas, industry-wide dialogue is also valuable. This will reveal industry trends and facilitate communication on new threats.

A data breach doesn't mean game over. After a cyber-attack we get you back in business.

Learn more about our Cyber insurance solutions.