Mactavish has warned that the majority of specialist cyber insurance policies contain significant flaws that could precipitate disputed claims and lower-than-expected settlements.
The warning comes amid a reported surge in business looking to protect themselves with specialist cyber cover.
In a review of around 30 off-the-shelf UK cyber insurance policies, Mactavish identified seven common flaws:
- Cover could be limited to deliberate attacks and unauthorised activity, leaving business unprotected in the event of incidents caused by accidental errors or omissions.
- The data breach costs covered could be limited to those which the business is strictly legally required to incur as opposed to much greater costs which would be incurred in practice.
- In the event of systems interruption, cover can be limited to only the brief period of actual network interruption, ignoring knock-on effects after the repair of the technological fault.
- Cover for systems delivered by outsourced service providers varies significantly and is often limited or excluded.
- There were often exclusions for software in development or systems being rolled out. In some cases events involving recently updated systems may be excluded as well.
- If issues are caused by contractors but the business is legally responsible, policies might not respond
- Notification requirements are often complex and onerous.
Bruce Hepburn, Mactavish CEO, said: “There are a number of new cyber insurance policies being launched, but despite a sharp increase in cyber incidents this market is very immature and in many respects untested.
“Perhaps some of these policies have been rushed to market by insurers eager to capitalise on the growing cyber risks facing organisations, and their desire to spend significant amounts of money to protect themselves against this.
“Very few claims have been made on these new cyber insurance policies, but my bet is that many will be disputed, or settlements will be much lower than clients expected. However, this can be avoided if organisations first understand the cyber risks they face, and then secure a bespoke policy to meet their needs.”
#CupcakeDay is finally here and we can’t wait to see all the fun!— Alzheimer's Society (@alzheimerssoc) June 13, 2019
We’ll be sharing some of our favourite pictures across the day, so remember to use #CupcakeDay and keep an eye on your notifications.
Have a completely delicious day, and thank you for rising against dementia 🧁 pic.twitter.com/BPfL9FLjuq
- Guy Carpenter suspends senior boss following harassment claims
- Blog: MoJ fixed costs consultation is whack-a-mole for policymakers
- Q&A: National Windscreen managing director Jan Teo
- This week: Dual pricing and sexual harassment claims
- Analysis: Diversity and Inclusion: A marked shift in commitment
- First Central's Andy James on trusting in insurance
- Lawyers slam government for 'cutting corners' on whiplash portal