News and articles
The echo effect of silent cyber

What can we expect in 2021?

Silent cyber, also called non-affirmative cyber, is the unknown vulnerability in an insurer’s portfolio caused by any cyber risks that have not been explicitly excluded from policies where coverage was not intended to be provided. Whereas standalone cyber policies define clear boundaries for cyber cover, many traditional policies do not anticipate cyber risks; this does not preclude claimants filing claims, and courts agreeing with them, which could result in insurers paying certain cyber loss claims.

In July 2019, Lloyd’s mandated that all policies across all classes of business must explicitly clarify whether they provide cover for cyber risks by either excluding or affirmatively covering such exposures. They released a timetable for enforcing these measures, issuing four phases and pushing rollout every 6 months. The first phase, applied from 1 January 2020, addressed first party property damage policies. The second phase, from 1 July 2020, covered bankers blanket bond (BBB) and crime policies. The third phase, effective 1 January 2021, addressed professional indemnity (PI), D&O and other liability policies. The final phase will take effect on 1 July 2021, and includes lines such as marine XL, casualty treaty and employers liability/WCA.

With such a short timeline for insurers to become compliant, the industry has seen a trend amongst insurers of opting for umbrella-like cyber exclusions rather than offering affirmative cover when scrambling to meet these deadlines.  This pattern has been clearly seen throughout phases one and two, and even the newly-implemented phase three. It is unlikely that we will see much of a difference in phase four come July.

The lack of clarity provided by Lloyd’s when implementing overarching policy mandates has unintentionally created an echo effect, and the gaps in coverage once attributed to silent cyber are now still very evident, but just no longer “silent”. As carriers continue to exclude coverage, the only solution is for policyholders to pursue standalone cyber, which can cover gaps and may offer coverage clients had not previously considered. In 2021 it will be more important than ever to determine whether a separate cyber insurance policy is required and to meticulously ensure appropriate coverage is put in place.

James Bullock-Webster