Majority of cyber policies are 'flawed'

cyber protection

Mactavish has warned that the majority of specialist cyber insurance policies contain significant flaws that could precipitate disputed claims and lower-than-expected settlements.

The warning comes amid a reported surge in business looking to protect themselves with specialist cyber cover.

In a review of around 30 off-the-shelf UK cyber insurance policies, Mactavish identified seven common flaws:

  • Cover could be limited to deliberate attacks and unauthorised activity, leaving business unprotected in the event of incidents caused by accidental errors or omissions.
  • The data breach costs covered could be limited to those which the business is strictly legally required to incur as opposed to much greater costs which would be incurred in practice.
  • In the event of systems interruption, cover can be limited to only the brief period of actual network interruption, ignoring knock-on effects after the repair of the technological fault.
  • Cover for systems delivered by outsourced service providers varies significantly and is often limited or excluded.
  • There were often exclusions for software in development or systems being rolled out. In some cases events involving recently updated systems may be excluded as well.
  • If issues are caused by contractors but the business is legally responsible, policies might not respond
  • Notification requirements are often complex and onerous.

Bruce Hepburn, Mactavish CEO, said: “There are a number of new cyber insurance policies being launched, but despite a sharp increase in cyber incidents this market is very immature and in many respects untested.

“Perhaps some of these policies have been rushed to market by insurers eager to capitalise on the growing cyber risks facing organisations, and their desire to spend significant amounts of money to protect themselves against this.

“Very few claims have been made on these new cyber insurance policies, but my bet is that many will be disputed, or settlements will be much lower than clients expected. However, this can be avoided if organisations first understand the cyber risks they face, and then secure a bespoke policy to meet their needs.”

  • LinkedIn  
  • Save this article
  • Print this page  

Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.

To access these options, along with all other subscription benefits, please contact [email protected] or view our subscription options here:

You are currently unable to copy this content. Please contact [email protected] to find out more.

You need to sign in to use this feature. If you don’t have an Insurance Post account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here: