Policyholders and Brokers Need More Clarity on Cyber Coverage



By Loretta Worters, Vice President of Media Relations, Triple-I


Directors, officers, and C-suite executives remain poorly informed about cyber risk and insurance, even though cyber risks are ever-present and incidents are growing in number and seriousness.

The cover story for this month’s issue of Risk & Insurance, by Alex Wright, is titled “Vigilance Demanded.”


Even though specific policies are available to cover the risk, many policyholders continue to assume that their property and liability insurance will provide coverage when it actually does not.

Commercial insurance plans still lack clarity on harm from cybercrimes, according to Risk & Insurance, a sister organization of the Triple-I and a member of the Institutes.



Unexpected coverage gaps may occur for policyholders as a result of coverage confusion.


According to Adam Lantrip, the head of CAC Specialty’s cyber practice, “in the best-case scenario, a cyber catastrophe may result in coverage under numerous insurance policies and raise the available total maximum to address a covered event.”

“In a more typical scenario, many insurance plans might be activated but fail to work together, and the policyholder ends up paying more in legal expenses than they would have had to had they bought standalone cyber insurance in the first place.”


Silent, or “non-affirmative,” cyber risk, in which potential cyber-related events or losses are not expressly covered or excluded within conventional policies, is of particular concern to insurers.

In these situations, insurers may find themselves on the hook for unforeseen claims for which the insurance policies were not correctly priced.


According to Tracie Grella, global head of cyber insurance at AIG, “Cyber risk is now present in almost every insurance policy.”

But because it hasn’t been adequately detected, assessed, priced for, or included in the aggregation model or the underwriting of common policies like property, it creates a significant systemic risk that can’t be disregarded.


According to the article, silent cyber first materialized in 2017’s WannaCry, Petya, and NotPetya cyberattacks, which decimated everything from supermarkets and shipping ports to advertising agencies and legal firms.

The losses caused by the master file encryption and the ensuing Bitcoin ransom demands for access restoration were the most expensive ever, reaching $3 billion.


Underwriters, brokers, and policyholders must comprehend how their policies will be impacted by changing risks and legislative frameworks.

Additionally, they must be aware of the scope of the issue and comprehend the most frequent misunderstandings and coverage issues around silent cyber.