One of the first major cyber silent coverage disputes involved Mondelez International, one of the world’s largest confectionery companies. In 2017, Mondelez was crippled by the NotPetya cyberattack, an alleged state-funded ransomware attack that destroyed the computer systems of companies operating around the world. Mondelez reported that 1,700 of its servers and 24,000 laptops were infiltrated with the malware, resulting in losses of more than $ 100 million.
When Modelez sought to claim the cyberattack as part of an all-risk property insurance policy, the claim was denied on the basis of a policy exclusion for losses triggered by a “hostile act or war. “. The insurer used the widely held view that NotPetya was sponsored by the Russian state to deny coverage for cyber-triggered property loss – a decision Mondelez challenged. To this day, the Mondelez claim remains at the heart of the discussion about the effectiveness of IT coverage and the potential for property damage and personal injury resulting from an IT event.
Read more : Ransomware outbreak sparks major shift in cyber insurance market
âBy nature, cyber risk seeps into every line of coverage, as almost every business uses technology to operate, and technology has been built into virtually every service or product a business offers,â Kasey said. Armstrong, Vice President, Amwins Brokerage. âWhen all eyes turned to the cyber silent issue, insurers had to manage their exposure. “
In 2019, Lloyd’s issued a mandate that all policies written in the London market – whether written on an all peril or peril basis – must clarify cyber exposure by providing or excluding coverage. With Lloyd’s often seen as a mainstay of the global insurance industry, many other insurers have since followed suit, tackling cyber silent by introducing positive exclusions on non-cyber lines.
“As evolving as the cyber insurance market is, there is still a hierarchical debate about where property damage or personal injury should fall if it is the result of a cyber event,” said Megan North, vice president of ‘Amwins Brokerage. âCyber ââoperators aren’t entirely comfortable opening their policies to cover all types of losses. Meanwhile, real estate carriers are uncomfortable with the cyber trigger, so there is a bit of a battle going on. “
To solve the cyber risk insurance coverage conundrum, Amwins developed CyberUP, the industry’s first modern umbrella insurance policy, with comprehensive coverage capabilities. CyberUP is a stand-alone insurance policy with two insurance agreements. Insurance agreement A is traditional supplemental insurance and provides policyholders with additional limits over their main policy, while insurance agreement B is the umbrella function, offering higher and lower liability limits for provide coverage where the underlying policy might not be.
Read more: Minimum wage on how schools, sports and recreation weathered COVID-19
âPolicyholders can sometimes find themselves in no man’s land after an Internet-triggered loss,â Armstrong said. âIf an insured suffers a loss and has no coverage under their non-cybersecurity policy, nor coverage under their primary cybersecurity policy, then our CyberUP umbrella policy can fill that gap. . Because it is autonomous, it does not depend on any primary insurance policy, whether cyber or otherwise; in other words, it shifts and falls to a dollar, becoming the main policy. This is what makes CyberUP fundamentally unique.
âCyberUP will always be larger than the primary insurance policy because of its two insurance contracts. Insurance contract A is a follow-up deductible; it follows primary, so it’s as broad as primary politics. Secondly, policyholders benefit from the drop-down functionality, so if by any chance they experience a loss that is not covered by their main policy, it is possible that it could be covered by insurance contract B, the umbrella function, thus providing fundamentally wider coverage. “
North described CyberUP as a âbroad and comprehensiveâ policy, with the ability to cover several types of losses resulting from cyber incidents, including exposures previously considered âsilentâ and expressly excluded by most operators on non-cyber policies.
She added: âCyber âârisk is evolving; therefore, coverage is scalable in nature – and we have envisioned this in our CyberUP policy. We actually have a liberalization rider built into the wording of the base policy so that as the CyberUP product evolves to remain relevant with the exposures and risks that we see, all policyholders will benefit from any advancements we have. bring to the form or endorsements. We have designed the subscription process to be very easy and efficient. It’s not something cyber insurance is known for, and I think it separates our product from any other product on the market.
Learn more about Amwins’ exclusive CyberUP product at amwins.com/cyberup.