Cyber Insurance policies are marred by disputes


Cyber Attacks are said to be increasingly causing chaos between corporate companies and the insurance providers, raising questions about the significance of the policies which are being offered to cover their digital assets.

According to a recent report from RBC Capital Markets, cyber insurance sales are evolving on a rapid note in a positive direction by registering a 25% growth in the past two years. However, on a simultaneous note, the business expansion is also creating a lot of growing number of disputes.

For instance, the National Bank of Blacksburg in Virginia filed for a $2.4 m claim in 2018 with Everest National Insurance Company (ENIC) as it suffered a bank loss in 2016 and 2017. But after making a detailed investigation, ENIC decided to offer only $50,000 compensation as the policy offered to the insurer did not cover the entire IT assets.

A court case is due to start early next year as a US court decided to take on the case hearing only after a probe is conducted by a 3rd party.

“This kind of disputes arise due to a miss- conceptualization prevailing among people on what they think they have bought and what they have actually bought”, said Rob Smart, the Technical director of MacTavish- a security company conducting audit among on the cyber risks which companies face.

Rob said that his company has observed a lot of big gaps in the covers being offered to companies in its annual reviews. He admitted that in most cases the insurance companies devise the rules in a restrictive way which later offers uncertainness on how far the cover will be extended as soon as a cyber incident occurs.

The most common issue is that the policy cover can be limited to malicious attacks, leaving out problems caused by accidental errors.

In other cases, the payouts for data breaches can be limited to a legal minimum, excluding anything extra the client may want to spend, for example keeping the customers informed and providing them a free credit monitoring cover for a span of one or two years.

Julia Graham, the technical director of Airmic UK, admits with what is being said by Rob Smart. Furthermore, she adds that another biggest area of concern is where insurance policies do not cover for business interruptions.

Note- Business interruption cover offers financial assistance to the loss incurred during the downtime. But as it is very difficult to calculate, most of the insurance companies avoid its inclusion in the fine print.

Nevertheless, cyber is proving the extremely profitable line of business for companies offering insurance policies.

But is it really proving worth considering to businesses…?

You can share your mind on this through the comments section below.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display