By Loretta Worters, Vice President, Media Relations, Triple-I
Despite the occurrence of cyber threats and the increasing number and severity of incidents, C-suite directors, officers and executives remain too much in the dark when it comes to cyber risk and Insurance, Risk & Insurance author Alex Wright describes in this month's cover story, Vigilance Demanded .
Although specific insurances are available to cover the risk, many policyholders still expect them to be covered by their property and liability insurances – but are not. Risk & Insurance a subsidiary of the institutes and Triple-I's sister organization, notes that commercial insurance still suffers from a lack of clarity regarding damages from cybercrime.
Confusion about coverage can lead policyholders to experience unexpected coverage gaps.
"At best, a cyber incident can trigger coverage under multiple insurances and increase the total available limit to respond to a covered event," said Adam Lantrip, CAC Specialty & # 39 ;s cyber practice manager. "In a more common scenario, multiple insurances can be triggered but not coordinated with each other, and the policyholder spends more on legal fees than the cost of having purchased stand-alone cyber insurance in the first place."
Of particular concern to insurers is tacit or "non-affirmative" cyber risk, where potential cyber-related events or losses are not explicitly covered or excluded in traditional policy. In such cases, insurance companies may end up having to pay unexpected damages for which the insurances were not priced sufficiently.
"Cyber risk is present in almost all insurances now," says Tracie Grella, AIG's Global Head of Cyber Insurance. . "But because it has not been included in the guarantees of standard policies such as property, or correctly identified, assessed, priced and incorporated into the aggregation model, it poses a huge systemic risk that can not just be ignored."  Silent cyber was first manifested in WannaCry, Petya and NotPetya cyber attacks in 2017, which destroyed everything from shipping ports and supermarkets to advertising agencies and law firms, the article explains. The resulting losses from encryption of master files and subsequent demands for Bitcoin passwords to restore access were the most expensive on the record, exceeding $ 3 billion. policies. They must also keep an eye on the scale of the problem and understand the most common misconceptions and coverage disputes surrounding silent cyber.
More about cyber from Risk & Insurance  5 tips to get the board invested in cyber risk management
Why every company needs a cyber attack response plan regardless of their size – and useful tips to get started
Nobody is safe from cyber threats. Train your employees to defend your business now or risk millions
Manage cyber risk for SMEs: why everyone requires a specialized strategy
More from the Triple-I blog
Cyber risk becomes real, requires new approaches
Companies large and small need to be cyber-resistant in a covid-19 world
victims twice? Companies that pay for cybercrime may be subject to US penalties