June 10, 2019 by Jason Contant
How far along is the Canadian insurance industry in terms of cyber product standardization?
While some of the standard language for base coverage has become more standardized over the years, there is still an overall general lack of standardization. There is also sometimes the need for insurers to address “non-traditional” cyber exposures, making standardization more challenging.
But that doesn’t mean standardization hasn’t come a long way over the years. “I would say if you looked back 10 years and looked at the different cyber products that were available back then, the look and feel would be completely different than today,” Miki Ho, an underwriter with specialist insurer Beazley, said in an interview.
“There’s definitely been an evolution in terms of now we are fairly commonly using standard language for the base coverage. So, if somebody says privacy liability, everybody knows what they are talking about. If somebody says business interruption from a cyber event, for the most part, people are talking about the same thing.”
Ho spoke to Canadian Underwriter last week about standardization and some of the difficulties surrounding it. “Given that it is very much an evolving marketplace and everyone is still addressing threats and exposures that are changing every day, I think it’s still very hard to come up with a standardized wording that everybody is comfortable with but also addresses the exposures that are out there.”
James Dalton, director of general insurance policy at the Association of British Insurers, firmly believes that cyber products should not be standardized. “It is misguided… to attempt to impose standards on the cyber insurance market, especially one that is in its relative infancy and one that needs flexibility to respond to an ever-changing cyber risk landscape,” Dalton said May 13 to a group of government officials, peer and industry.
“Cyber risk is constantly changing and evolving. As a consequence, insurers need to frequently adapt and change their policy wordings, question sets, and underwriting approaches in order to ensure that they are best serving their customers while managing their exposures prudently in line with their regulatory responsibilities,” he said.
Ho said that Beazley is finding a lot of clients are interested in covering “non-traditional” cyber exposures under a cyber insurance policy, such as property damage, environmental liability or product recall. At the same time, Beazley, which operates in Canada, the United States, United Kingdom and continental Europe, is working on standardizing its coverages across the various jurisdictions.
While some of Beazley’s broker partners have started developing their own wordings as a way of trying to standardize the language being used, it a fast-moving space and “we are responding and developing language and customized offerings for our clients,” Ho said.
“In five years, will there just be one policy that covers everything, whether it’s property damage or a network intrusion?” asked Ho. “Possibly. It’ll be interesting to see if the products become broader and more standardized or if insurers who have had bad claims experience will start to pull back some of the coverage that they are offering. There might even be less standardization that results from that.”