Second-generation cyber policies tackle personal injury, property damage

Cyber insurance policies are now evolving to the point where they are starting to tackle personal injury and property damage, Brian Rosenbaum, national director, legal and research practice with Aon Risk Solutions Canada, told Canadian Underwriter on Tuesday.

Known in insurance circles as Internet of Things (IoT) exposures, liability can occur when personal injury or property damage results from a cyber incident. Traditionally, if somebody bought a property policy, they had coverage for a flood, fire or explosion that destroyed the building, for example.

“But what happens now when somebody hacks into your automated business system and then blows up your building or does something there, is that covered under your property policy?” Rosenbaum asked. “If there was silence in the policy, does that mean coverage? A lot of policies were silent and one would argue there would be coverage, but the insurers didn’t underwrite for that.”

Until recently, cyber policies didn’t want to delve into the personal injury and property damage regime; they thought that was for commercial general liability (CGL) and property insurance, Rosenbaum continued.

“We are now seeing a second generation of cyber policies where, for an additional premium, you can buy property and personal injury coverage as a result of a cyber incident in one policy that handles what we would call ‘traditional cyber risk,’ which means the compromise of personal identifiable information.”

CGL policies, where third parties are affected, often have data exclusions that preclude coverage for cyber incidents that lead to property damage, for example. Now insurers offer endorsements that will provide that coverage expressly, Rosenbaum explained. “We are becoming a little more sophisticated in understanding that we need to be express and clear about what we are covering because our clients are demanding it,” he noted.

There is also the proliferation of a “much broader standalone cyber policy,” Rosenbaum said.

Overall, insurers are doing a “much better job” of covering the gambit of cyber risks, which often didn’t fit neatly into CGL or property policies.

Rosenbaum discussed the evolution of cyber policies following the release of Aon’s global 2018 Cybersecurity Predictions report on Monday. One highlight of the predictions report was that businesses will adopt standalone cyber insurance policies “as boards and executives wake up to cyber liability.”