General Insurance Article - Eight flaws in cyber insurance policies to refuse pay outs

Mactavish, the UK’s leading expert on insurance governance, has challenged insurers and brokers to guarantee that eight common flaws it has identified in policies will never be used as reasons to refuse pay-outs on cyber insurance claims.

 Several insurers and brokers have denied that the flaws – discovered by Mactavish in analysis of dozens of ‘off-the-shelf’ cyber insurance policies - even exist.

 Mactavish has now challenged the Association of British Insurers, brokers and insurers in an open letter to state publicly on behalf of its members that no claims will be rejected because of these flaws.

 Bruce Hepburn, Chief Executive Officer, Mactavish, commented: “Some insurers and brokers were quick to denounce our findings.

 So we are challenging them to state publicly that they will never use the flaws we identified as the basis to turn down claims.

 “These flaws are a consequence of the immaturity of the specialist cyber insurance market. But this is a rapidly expanding market and it is essential that the industry addresses these issues if the available policies are to meet the needs of companies seeking cover.”

 The eight flaws were outlined in the Mactavish Cyber Risk & Insurance Report, published in November. The flaws include:
 1. Cover can be limited to events triggered by attacks or unauthorised activity – excluding cover for issues caused by accidental errors or omissions
 2. Data breach costs can be limited – e.g. covering only costs that the business is strictly legally required to incur (as opposed to much greater costs which would be incurred in practice)
 3. Systems interruption cover can be limited to only the brief period of actual network interruption, providing no cover for the more significant knock-on revenue impact in the period after IT systems are restored but the business is still disrupted
 4. Cover for systems delivered by outsourced service providers (many businesses’ most significant exposure) varies significantly and is often limited or excluded
 5. Exclusions for software in development or systems being rolled out are common and can be unclear or in the worst cases exclude events relating to any recently updated systems
 6. Where contractors cause issues (e.g. a data breach) but the business is legally responsible, policies will sometimes not respond
 7. Notification requirements are often complex and onerous
 8. Businesses are forced to choose IT, legal or PR specialists appointed by their insurer.


Back to Index

Similar News to this Story

Parents suffer at work for caring for sick children
New research from MetLife UK shows parents are paying the price for taking time off work to look after sick or injured children in the shape of extra
Whats your holiday nightmare event
Some people travel to soak up the culture, sample the food and bond with the locals, but the UK’s travellers responding to a new survey from global tr
Non life insurers holding more non traditional investments
New research from insurance and investment advisory firm LCP shows significant and growing appetite from non-life insurers for non-traditional investm

Site Search

Exact   Any  

Latest Actuarial Jobs

Actuarial Login

 Jobseeker    Client
Reminder Logon

APA Sponsors

Actuarial Jobs & News Feeds

Jobs RSS News RSS


Be the first to contribute to our definitive actuarial reference forum. Built by actuaries for actuaries.