Cyber risks are among the most pervasive risks of our time. They impact all industries that purchase insurance, and all lines of insurance. A panel from the insurance community whose roles in their companies focus on cyber risks (some from the underwriting and product development perspective, and others from the claims handling perspective) discuss key issues and challenges that insurers face from cyber risks.
Eric Cernak – Munich Re US – Cyber and Privacy Practice Leader
Kirstin Simonson – Travelers – Cyber Lead for Global Technology
Karrieann Couture – CNA Specialty Claims – overseeing technology, cyber, and fidelity claims operations
Moderator: Laurie Kamaiko – Sedgwick LLP – Cybersecurity & Practice Group Leadership Team and Co-Chair Cyber Insurance Task Force
Q: What constitutes a “cyber risk,” and what is the range of cyber risks that insurers and their policyholders are dealing with these days?
Simonson: In the early days, we were focused on whether general liability insurance would respond to cybersquatting or other intellectual property issues. Around 2003, all of that changed when states started enacting breach notification laws requiring notice to individuals when the security of their personal information held by companies was breached and that information was stolen or lost; that was the driver behind a lot of the cyber coverages. Today, there are now really two buckets of risks in play: The first is the data privacy bucket, which involves the privacy of personal information and the protection of confidential information of others that a company holds within the confines of its networks. The second is the network security bucket, which involves how a network is being infiltrated and used to cause some type of harm to one’s own company or to others. While there are liability aspects to these and resulting third-party claims, a big chunk of the exposure is the expenses a business faces when an event happens, whether it is a data hacking event that requires forensics and notification costs, or whether it is ransomware with the investigation of that and issues of whether and how the business pays the ransom. It all stems from how everything is connected across the internet, which places everything at risk.
Q: What are some of the types of coverages under traditional lines of insurance, as well as stand-alone cyber policies, that are being impacted by cyber risks?
Cernak: Coverages have evolved from tech E&O, media liability and, ecommerce insurance. Now there is not only data breach coverage for the expenses of responding to and remediating a data breach, but also for the third party actions that can be brought as a result of a breach. There is also systems damage and restoration coverage that is of growing importance, to help businesses restore their systems or data that may have been corrupted or stolen as a result of a computer attack. A corollary to that on the third party side is actions being brought against businesses for transmitting malware, propagating a denial of service attack (even if the company is not aware that it is being used for that), or breaches of sensitive information held by a corporation.
For the full article, refer to page 6 in the Fall 2017 issue. https://www.airroc.org/assets/docs/matters/AIRROC-Matters-Fall-2017-vol-13-No-2.pdf