This week, two major industry players announced the launch of dedicated cyber risk programs.
ACE Group, one of the world’s largest multiline property and casualty insurers, announced the launch of its new dedicated cyber risk business unit in response to internal research showing that cyber risk is a “top three” emerging issue among European risk managers. ACE first established its global cyber practice in 2014, and is seeking to strengthen its leadership in this new risk area with the addition of full-time dedicated cyber underwriting experts in Paris, Frankfurt, Rotterdam, Milan and Madrid, with support from cyber specialists in the Nordics, Poland, Switzerland and Czech Republic.
The Institutes also announced a Managing Cyber Risk certification program for insurance professionals focusing on mitigation of risk exposures and proper responses to cyber threats. A new course, Managing Cyber Risk, will teach insurance professionals how to analyze cyber risk coverages, interpreting exposures from an enterprise risk management perspective, and the different effects of cyber risk on separate operating units of insurance organizations. Marty Frappolli, senior director of Knowledge Resources for The Institutes, underscored the need for cyber expert claim handlers, recognizing the lack of technical understanding when it comes to cyber risk issues. “Because it is an evolving risk – there is no typical cyber risk policy,” Mr. Frappolli commented. Frappolli believes professionals must approach a cyber loss the same way they approach any other claim, and learn to apply cyber risk concepts to areas of coverage, exclusions and exceptions, such as first- and third-party losses, which Frappolli characterized as follows:
First party losses include:
- Damage to hardware, software and computer networks;
- Cyber extortion;
- Compromised or stolen data;
- Lost revenue and extra expenses due to business interruption;
- Breach investigation costs;
- Post-breach repair costs;
- Costs to notify customers or other stakeholders;
- Reputational damage.
Third party cyber risk exposure includes liability to other parties that suffered damage due to a breach, such as:
- Loss of privacy;
- Damages to network security of trading partner;
- Liability for libel or slander;
- D & O liability for failing to defend against cyber attack;
- E & O liability for when a producer fails to secure adequate cyber coverage for an insured.
As clients review and update their current coverages, it is essential to work with attorneys and insurance professionals who are knowledgeable of the many nuances of this emerging area of risk.