January 29, 2018 by Jason Contant
Cyber insurance is evolving into the non-privacy space, with insurers moving more into business interruption coverage, Catherine Evans, vice president of Marsh Canada, told Canadian Underwriter Monday.
“Insurers are pushing more into the areas where it’s really more of an operational disruption issue, as opposed to a privacy loss type of concern,” Evans said in an interview. “So, really, they are targeting some of those industries that haven’t had a significant appetite for this type of cover to date.”
Industries such as healthcare, higher education and retail, sectors in which organizations typically hold a large amount of public or consumer information, often need coverage for privacy breaches. But insurers now have their sights set on offering coverage in more industrial workplace settings.
For example, insurers are now hearing interest in cyber coverage from clients in the the manufacturing, mining, and energy sectors.
“They are starting to look at it from an industrial control perspective,” Evans said. “What happens if someone is able to get access to those systems? For any organization that has got a significant amount of automation, there is concern about what happens if that is taken offline and what does that do to the bottom line. That’s where we are seeing a lot more interest than we were a couple of years ago.”
Also, she said, “when you start talking to boards about that, [cyber-attacks] become more of a critical concern because that is really potentially taking down all of your operations or your ability to generate revenue. It’s not that manufacturers, for example, aren’t concerned about privacy breaches. But there is usually more of an impact if somebody is able to access industrial controls or shut down a plant.”
Lindsey Nelson, international cyber team leader with CFC Underwriting, noted that a manufacturer will typically not hold large amounts of data, but they are going to have a huge business interruption exposure.
“We’re still talking about cyber and privacy, but we need to actually shift the focus and be talking about what people’s first-party exposures are,” Nelson said. “So, if your systems go down for a certain period of time, how much money are you going to lose as a company? How much profit are you going to lose, and what’s your reputational harm exposure going to be if you have an outage that leads to a system interruption?”