With many of us now working and socialising through virtual platforms, cybersecurity has never been more paramount.
Therefore, it is no surprise to learn that there has been a steep and significant rise in insurance claims due to ransomware attacks. According to Coalition, a cyber insurance and security provider, over two-fifths of all insurance claims in North America (41%) in the second quarter of 2020 were due to ransomware attacks.
Similarly, there was a rise in claims from fund transfer losses (27%) and business email compromise (BEC) incidents (19%) too. Together, all three areas account for over 87% of all claims in the first six months of 2020.
This rise in claims is causing concern among (re)insurers as cyber has until recently fallen into a “grey” area in many policies. A significant concern is the rise of “silent cyber risks” which refer to exposures that many companies may have because of the lack of explicit cyber coverage in non-cyber risk policies, particular in the property and casualty portfolio.
Such thinking chimes with the recent comments by Stefan Golling, Chief Underwriter at Munich Re who said that COVID-19 highlighted the “potentially huge consequences of a cyber attack causing widespread business interruption, even without causing a high or any level of physical damage”.
Likewise, the European Insurance and Occupational Pensions Authority in a recent paper said that the pandemic has shown that there was a “significant protection gap” for non-damage Business Interruption.
Golling also said that cyber attacks have “increased sharply” since lockdown measures were implemented with ransomware attacks increasing by 150%, phishing by almost 600% and cyber attacks on banks by 150% too.
However, the era of many policies being silent on cyber risk seems to be over after the PRA’s intervention in 2019 stating insurers needed to have “action plans to reduce the unintended exposure that can be caused by non-affirmative cyber cover”. This was followed up by Lloyd’s issuing a bulletin in 2019 requiring all Syndicates to provide clarity for cyber exposure in all policies.
Given the increasing reliance on the Internet for our day to day lives and the growing concern of cyber, there may be a day of reckoning in the Property and Casualty portfolio with explicit coverage for cyber to be written in policies. Property, Casualty and Cyber (PCC) insurance, anyone?