Two new London Market model clauses to help underwriters manage cyber losses have been published by the International Underwriting Association (IUA).
The wordings have been developed in order to address issues of non-affirmative or “silent” cover, where traditional insurance policies may unintentionally suggest protection for undefined cyber risks, said the IUA, which represents international and wholesale insurance and reinsurance companies operating in or through London.
The first new model clause, called “Cyber Loss Absolute Exclusion Clause” (reference: IUA 09-081), provides market participants with an option to exclude in the broadest possible manner any loss arising from the use of a computer system, network or data – each of which is clearly defined, the IUA said.
The second model clause, called “Cyber Loss Limited Exclusion Clause” (reference: IUA 09-082), enables only the exclusion of losses directly caused by cyber events, rather than “directly or indirectly.”
“These two new model clauses provide broad policy exclusions which may be utilized as a starting or reference point for underwriters offering cover for traditional business classes that may include an element of cyber risk,” said Chris Jones, IUA director of legal and market services, in a statement.
“By developing class-specific write backs insurers can then explicitly state the extent of any cover provided for such losses,” he added.
Both clauses were developed in response to concerns expressed by the UK Prudential Regulation Authority (PRA) about potentially unintended or unclear provision of coverage for cyber risks in various classes of insurance business, explained the IUA.
The issue was addressed by the regulator in a November 2016 consultation paper – “Cyber insurance underwriting risk” – and subsequent policy statement (PS 15/17). Companies were urged to actively manage their exposures by considering adjustments to premium, robust wording exclusions and specific limits of cover.
“Silent cyber cover creates uncertainty for both insurers and clients and has been a hot topic in the London company market for some time now,” said Jones.
“Increasing regulatory scrutiny has, of course, further highlighted the issue, but IUA members have been considering different approaches even before it was first raised by the PRA,” he continued.
“Many traditional policies were designed when cyber wasn’t a major risk and often do not explicitly mention cyber. Some high-profile cyber events and losses have clearly demonstrated, however, how important it is to address.”
The two new cyber clauses are available to download, along with all IUA model clauses, from the association’s clauses website www.iuaclauses.co.uk.