• Support
  • Log In
  • Sign Up
ANZIIF Logo
Go back
Professional Development

Need help with professional development?

Contact Support

View by Kind
Go back
View by Kind
Short Courses Qualifications Skills Units Compliance Webinars Events Articles Videos Activities Whitepapers Ask an Expert
View by Sector
Go back
View by Sector
Claims General Insurance Insurance Broking Reinsurance Risk Management Life and Retirement Income
All Professional Development The Journal Recognition of Prior Learning Your Career in Insurance
Studying with ANZIIF
Go back
Studying with ANZIIF Enrol Academic Calendar Assessments FNS20 Training Package Student Support
For Companies
Go back
For Companies Train your staff Life Insurance Professional Standards General Insurance Claims Handling Framework Reference books Government Training Incentives
Go back
Membership

Need help with your membership?

Contact Support

Member Tools
Go back
Member Tools
Login Become a member Renew or Reinstate your membership
Members Centre - Professional Development
About membership
Go back
About membership
Your Membership Guide Member Levels Benefits Certified Insurance Professionals Digital Badge Member Directory
Scholarships and Awards
Go back
Scholarships and Awards
Australian Industry Awards New Zealand Industry Awards Academic Awards Lloyds Scholarship Turks Bright Light Award ICNZ and ANZIIF Scholarship
Go back
About ANZIIF

ANZIIF is the leading membership, training and professional development organisation for the insurance and finance industry in the Asia-Pacific region. We partner with a broad range of organisations and government to provide services that support professional excellence. We help enhance standards and improve community understanding of insurance and finance.

Overview
Go back
Overview History Boards and Councils Annual Reports Media Governance Corporate Sponsorship Partners Careers at ANZIIF Contact
Community Initiatives
Go back
Community Initiatives
Your Career in Insurance Careers in Insurance Corporate Supporter Making a Difference Awards Donna Walker Awards Life Insurance Professional Standards General Insurance Claims Handling Framework Generation i
ANZIIF Logo
Professional Development The Journal
Journal
0.25CIP Points

Breaking the silence

Tim Garratt
01 Apr 2020
Claims Insurance Broking Reinsurance Risk Management
The world is increasingly connected and more reliant on the fruits of technological progression.

According to the 2019 Global Cyber Risk Perception Survey by Marsh and Microsoft, it’s estimated that internet-connected devices will number 75 billion by 2025. The report adds that ‘even traditional sectors such as manufacturing expect almost 50 per cent of the products they develop to be “smart” or “connected” in some way by 2020’.

‘New technologies are changing our way of life and integrating into everything we buy,’ says Matthew Honea, director of cybersecurity for Guidewire Cyence.

NEW CYBER RISKS EMERGE FOR INSURERS

A heightened reliance on, and integration of, technology will bring new cyber exposures. Providing proper protection against these ever-evolving dangers also requires responding to silent (or non-affirmative) cyber risks.

Silent cyber exposures are cyber-related events or losses neither explicitly included nor excluded from a policy that was not originally intended to offer cyber coverage.

Paul Merriman, casualty underwriter for Munich Re Australia, says silent cyber risks can be found in almost all classes of insurance.

‘While the most significant losses have been seen in commercial property globally to date, many casualty classes and even personal lines could be affected,’ he says. ‘As long as there is ambiguity in the policy wording around cyber exposures and/or data, there could be silent cyber exposure.’

Michael Parrant, cyber insurance practice leader in Aon’s Cyber Solutions Group, says affected policies often have not taken into account the asset rotation — from tangible to intangible assets — that’s occurred in business over the past two decades.

‘What we’re seeing now … in the property, crime and the general liability insurance policies is this question over whether they are supposed to cover those sorts of exposures or not, and that really comes down to the language that they’ve used being quite broad historically.’

DANGERS FOR (RE)INSURERS AND CUSTOMERS

Failure by insurance players to grapple with silent cyber could potentially be catastrophic.

‘Silent cyber can manifest itself in unforeseen losses that have neither been assessed nor priced for by the underwriter,’ says Merriman. ‘It means that (re)insurers could potentially assume exposure without proper underwriting and accumulation management. Not only for cyber, but in all classes, it is important to consider risks in the underwriting process and achieve risk-adequate prices for the associated exposures, not least to ensure sustainability and solvency in the long term.’

From the customer perspective, ambiguous wordings around cyber and data can lead to contract uncertainty and increase the likelihood of claims disputes.

Merriman also points to the broader concern for the industry around trust and reputation.

‘With increasing regulatory scrutiny and focus on fair treatment, (re)insurers need to work harder than ever to ensure their customers understand the coverage and value of the products they are purchasing.’

Globally, the largest silent cyber losses to date arose from the 2017 NotPetya malware attack, which led to claims under property policies.

‘In some cases, the silent cyber exposure stemmed from ambiguous definitions of electronic data … and in other cases, the explicit agreement to insure electronic data as property, but perhaps without a full appreciation at the time for what this meant for the cyber exposure,’ Merriman explains.

According to Property Claim Services Global Cyber, almost 90 per cent of the total industry loss from NotPetya is attributable to non-affirmative cyber.

TAKING ACTION ON CYBER RISK EXPOSURE

In January 2019, the United Kingdom’s Prudential Regulation Authority (PRA) called on the (re)insurance industry to more prudently manage cyber risk exposures, including silent cyber, requiring it to create action plans containing clear milestones and timeframes for taking action.

Responding to PRA’s direction, Lloyd’s announced that, from 1 January 2020, its underwriters must ensure all first-party property damage policies affirm or exclude cyber cover. Requirements for liability and treaty reinsurance will come into effect in two phases during 2020/21.

‘Other regulatory authorities like the European Insurance and Occupational Pensions Authority in the European Union are beginning to address the issue as well; for example, by introducing a combination of quantitative and qualitative questions on cyber risks in their insurance stress tests,’ says Merriman.

He characterises the industry response to silent cyber in Asia Pacific as ‘mixed’.

‘In some cases, insurers and reinsurers are ahead of the curve and have already completed projects to assess their own exposures and communicate to the market,’ he says. ‘In other cases, there is a lack of awareness and urgency.’

Honea stresses an insurer’s need to thoroughly understand its policies, ‘both past and present’.

‘Language has evolved over time, and we didn’t think about all the risk we have today, say, 10 years ago,’ he says.

‘It’s important to systematically understand policy text. We suggest using an approach of bucketing policies into three types: defined included risk, defined excluded risk, and unknown silent risk.’

Merriman says insurers and reinsurers can address silent cyber by working together to facilitate clarity for all involved, including the customer.

‘If we put ourselves in the customers’ position, they are probably less concerned with which of their policies responds, than having the right cover in place and being able to clearly understand the wording,’ he says. ‘As long as the cyber scenario in question is insurable — and some are not — the most appropriate policy should respond, and customers should not be left with a gap in coverage, especially one they do not understand.

‘If this approach is kept in mind, the objective of cyber exclusions, write backs, endorsements and affirmative coverages is clear. The insurance industry … [and] external cyber experts need to collaborate closely to develop a common understanding of how cyber risks should be dealt with, in order to understand the risk, assess it adequately and therefore make it insurable.’

As with affirmative cyber (where policy language covers or excludes cyber-related losses), Merriman says the challenge for (re)insurers regarding pricing is to build a framework without the benefit of ample historical data.

‘Silent cyber can be considered a risk of change, often a new proximate cause of existing perils,’ he says. ‘Underwriters will need to consider the impact of this risk of change, while maintaining a pragmatic view of the benefits of new technologies that can also lower the exposure rather than amplify it.’

One approach, suggests Merriman, to assess the exposure in the absence of credible claims data could be to explore loss scenarios and their impact on conventional policies. However, he acknowledges this is easier said than done.

‘Many insurers, particularly those that do not participate in the affirmative cyber market, are not readily equipped with the expertise to address their silent cyber exposures without support,’ he says.

Merriman says an industry-wide response to silent cyber will ultimately benefit customers, insurers and reinsurers.

‘The insurance product landscape should ideally jointly address the insureds’ need for cyber coverage and clearly define what is covered and what is not in existing policies,’ he says.
This is Worth

0.25 CIP Points

Login to Collect Points & Comment
What are CIP Points? About ANZIIF Membership
Your comment has been successfully posted

Comments

Loading comments

Remove Comment

Are you sure you want to delete your comment?
This cannot be undone.

kitchen sink logo
  • About
  • Professional Development
  • Membership
  • Compliance
  • Contact Us
  • Enrol
  • Become a Member
  • Login
  • Privacy Statement
  • Terms & Conditions

© Copyright The Australian and New Zealand Institute of Insurance and Finance Inc. 2021

RTO NO. 3596