Report highlights gaps in cyber insurance

Coverage of cyberattacks and cyber risks by conventional classes of insurance can be patchy, according to research by the International Underwriting Association (IUA).

In a report to members, the London-based association for non-Lloyd’s international insurers and reinsurers details how some traditional lines of business might provide cover for the growing scope of cyber threats. However other scenarios show how common exclusions, not necessarily aimed at such perils, mean cover is not provided for cyber losses in situations where it might be expected.

The report, entitled ‘Cyber Risks and Insurance – an introduction to cross class liabilities’, analyses several possible claims scenarios. The paper, produced in conjunction with law firm Norton Rose Fulbright, also summarises the development of data protection rules and discusses the market for dedicated cyber insurance policies.

“Professional indemnity and directors’ and officers’ liability [D&O] are two areas where it is possible to envisage situations in which, directly or indirectly, cover is provided for certain types of cyber risk,” said Chris Jones, IUA director of market services. “Yet clients may not be fully aware of the scope of underwriting in these lines.

“Conversely, in marine and aviation business, for example, it can be seen that fairly standard policy exclusions may operate to limit the scope of cover in relation to cyber perils. Cyber-specific wordings and products, therefore, many be an effective way of filling the gaps of cover which exist in conventional lines of insurance.

“Cyber risk has been described as the biggest, most systemic risk facing the insurance market in the last half century. Legislators worldwide are taking an increasing interest in this area and organisations are having to meet ever higher standards of risk management.”

The report outlines how separate cyber insurance cover – through extensions in existing policies, ‘drop-down’ cover and comprehensive standalone policies – has evolved to reflect the emerging risk landscape. Also included is a ‘cyber key facts’ paper, information on reported cyber incidents and mitigation steps for insureds.

It is available at


Related reading