Stand-Alone Cyber Coverage Could Reduce Insurers' "Silent Cyber" Issues

The COVID-19 pandemic and the resulting increase in remote working and online business has increased cyber risks, yet a relatively small percentage of businesses purchases stand-alone cyber insurance, according to a new report from S&P Global Ratings.

Citing the Hiscox Cyber Readiness Report 2020, the S&P report "Cyber Risk in a New Era: Let's Not Be Quiet About Insurers' Exposure to Silent Cyber" notes that only 26 percent of firms surveyed have stand-alone cyber coverage. In some cases, businesses rely on obtaining cyber risk coverage from policies that don't specifically exclude the peril, so-called silent cyber coverages.

That silent cyber coverage puts insurers at risk of losses from cyber-related claims on policies that weren't intended to cover the exposure, the rating agency said.

"Even when the inclusion of cyber cover is explicit, a lack of transparency in both the policy's definition of cyber events and its terms and conditions creates uncertainty about the scope of the cover," the report said. "The importance of transparency and clear wording in policies became evident last year, when some insurers suffered reputational damage after rejecting policyholders' business interruption claims amid the pandemic."

Stand-alone cyber insurance products would reduce the problem by clarifying the scope of coverage, according to S&P, and would also be better suited to addressing the evolving nature of cyber risk.

The rating agency noted, however, that insurers' aggressive expansion into the cyber insurance market without effective risk controls could have a detrimental impact on S&P's assessment of insurers' balance sheets.

"In our rating framework, we not only assess the insurer's current state of play, but also the journey it may take to build up a sustainable cyber line of business," the report said. "Should an insurer expand aggressively in the cyber market without proper management of cyber risks and effective risk controls, it could change our view of the insurer's risk exposure, capital and earnings, or governance scores."