Cyber Has Emerged as a Risk That is Not Specifically Covered by Other Insurance Policies
Insurance is a fundamental aspect of business risk management used to spread or mitigate financial risk by transferring it to a third party. Since business is now urged to take a risk management approach to cyber security, it is natural and inevitable that cyber insurance should be considered as part of the mix. Cyber insurance is set to grow, in size as an industry, and in importance as a service.
But there are issues -- not least because there is comparatively little actuarial history on which the industry can base its premiums. While there is a century of auto insurance and many centuries of shipping insurance, there is little more than two decades of cyber insurance history. As a result, both insurers and insureds are still unsure about what it is, what it should or can cover, and how much it should cost.
To the insurers, cyber insurance is primarily a gap filler. Cyber has emerged as a new risk that is not specifically covered by other policies, and cyber insurance is designed to fill that gap. But immediately there's a problem, because aspects of existing policies may cover aspects of cyber risk. The principle of 'silent cyber' can apply -- that is, if cyber is not specifically excluded from the policy, it is de facto included. Is separate cyber insurance even necessary?
Mondelez and NotPetya (the Act of War exclusion)
Mondelez appears to have believed it was not -- it already had an 'all-risks' property cover with Zurich American Insurance that included "physical loss or damage to electronic data, programs, or software, including physical loss or damage caused by the malicious introduction of ..
Support the originator by clicking the read the rest link below.
