Network Security and Privacy
Figure: Cyber Insurability as it Currently Exists

Legend:
- Can be covered with Tech E&O and Cyber Policy
- Should be / already covered in traditional insurance program
- Uninsurable business risk

Figure text:
- Revenue loss due to network business interruption, information asset loss, first party data breach mitigation
- Financial damages or loss due to failure of technology or software to perform as intended, third party financial damages from a data breach, data breach-related regulatory fines and penalties, “contingent regulatory” losses, recall costs where no tangible damage in end product occurs.
- Revenue loss due to property damage events
- Revenue loss due to theft of trade secrets/intellectual capital and introduction of competing products into marketplace, criminal fines and penalties
- 3rd party recall costs associated with tangibly damaged goods or products
- Covered under property, general liability, and workers’ comp programs
- 3rd party property damage or bodily injury losses where insured’s products directly cause loss. Should be covered under GL products/recall policies.
- Contingent bodily injury and property damage losses due to the failure of technology or software products (no direct damage)

Source:
This has resulted in vastly disparate cyber insurance purchasing trends. Consumer facing industries have led the charge (mainly specific to “privacy” coverage), and various estimates put their adoption rates between 20%-60% for certain segments—financial, healthcare, retail, and hospitality. Beyond those industries, uptake is more limited. Business-to-business firms (predominantly technology centric[53]) that participate in the PII chain can blend cyber coverage into a commercial errors and omissions policy to contemplate a large percentage of the risks, but such firms continue to struggle to identify their exposures and the related insurability. For firms that do not fit this classification, buying drops off precipitously—and while knowing that their cyber exposures are significant, companies in industries such as manufacturing, industrial, and critical infrastructure are struggling with the available products as well as the debatable nature of existing coverage.

Another significant problem is limits sufficiency, which is not high enough to provide catastrophic coverage levels required by large firms involved in critical infrastructure.

While underwriting for privacy and related financial loss products is good (and usually under one roof), know-how and consistency for more traditional products drops off significantly. This dynamic is further exacerbated by the silo approach at many insurers whereby the “cyber” underwriters don’t interact

54 Arch Insurance alleges that the comprehensive general liability policy excludes electronic data from the definition of tangible property, for purposes of determining whether
“property damage” has been alleged. Furthermore, the policy excludes damages arising out of the loss of, loss of use of, damages to, corruption of, inability to access, or
inability to manipulate electronic data. In that case, Michaels Stores allegedly failed to safeguard PIN pad terminals, which allowed criminals to fraudulently access and use
customers’ credit card and debit card information.
Aon Risk Solutions | Cyber Insurance 15