Mactavish, a company that advises organisations of all sizes on their insurance requirements, has recently launched a new Cyber Risk Consulting Practice. The study reviewed dozens of ‘off-the-shelf’ cyber insurance policies and identified seven significant common flaws:
Cover can be limited to events triggered by attacks or unauthorised activity – excluding cover for issues caused by accidental errors or omissions;
Data breach costs can be limited – e.g. covering only costs that the business is strictly legally required to incur (as opposed to much greater costs which would be incurred in practice);
Systems interruption cover can be limited to only the brief period of actual network interruption, providing no cover for the more significant knock-on revenue impact in the period after IT systems are restored but the business is still disrupted;
Cover for systems delivered by outsourced service providers (many businesses’ most significant exposure) varies significantly and is often limited or excluded;
Exclusions for software in development or systems being rolled out are common and can be unclear or in the worst cases exclude events relating to any recently updated systems;
Where contractors cause issues (e.g. a data breach) but the business is legally responsible, policies will sometimes not respond;
Notification requirements are often complex and onerous.
Mactavish has been closely involved with the project to reform commercial insurance law in the UK, an eight-year programme which culminated in the Insurance Act 2015, according to the official press release.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now