Many Lloyd’s contracts woefully inadequate on cyber wording
An analysis of almost 400 reinsurance contracts underwritten at Lloyd’s of London has proven that there could be potentially significant vulnerabilities and exposures if a catastrophic cyber-attack was to occur.
The survey of 392 property and casualty reinsurance policies underwritten by three reinsurers at Lloyd’s, proved that at least 40 percent did not contain standard cyber exclusion in the wording, where one of the reinsurers examined not referring to cyber terms at all in 68 percent of cases.
The analysis concluded that in the event of a catastrophic cyber-attack, reinsurers could find themselves open to the full limits on their policies, which were initially intended to cover property damage or casualty lines, as a cyber “hack” is found to be the proximate cause of loss.
“These data are quite revealing, particularly as they follow the Lloyd’s performance management directorate’s recent call for members to work within its ‘oversight framework for cyber-attack exposure monitoring,’” said Laurie Davidson, chief executive officer at Adsensa.
“We used our QA Software to analyse the reinsurance contracts from three managing agents and found that as many as two thirds had no reference to cyber terms at all.
“This was quite a surprise and I imagine very different to how many in the market perceive things; there are at least 20 standard market clause references to choose from and it seems that most would expect their policies to contain the appropriate exclusions so they are not covering unintended perils.”
An effort to imagine cyber catastrophe was recently made by modelling specialists at Risk Management Solutions, who designed a range of scenarios in their recent paper ‘Managing insurance accumulation risk.’
These scenarios included mass co-ordinated data breaches and distributed denial of service (DDoS) attacks on a biblical scale, causing as well as other things, a global collapse in consumer confidence or the theft of billions in assets from financial institutions.
“Cyber-attack is now quite rightly recognised as a potential cause for losses on property policies, business interruption, financial lines and many other types of insurance,” added Davison.
“Although only a small sample was taken for our analysis, subscription markets like Lloyd’s see underwriters sharing business on the same slip so when a minimum of 41% contain no cyber exclusions at all, it will be difficult to calculate probable maximum losses accurately.”
