Technology is constantly changing and just when you’ve learned how to operate a new device or system, you’re often back at the beginning just in time to learn how to operate the newer and improved version. Sound familiar? Indeed, cyber risks are evolving at a faster pace than ever. However, what’s different about cyber risk is that last year’s cyber risks and security vulnerabilities don’t get shelved like outdated technology. Last year’s cyber risks are still here and are constantly getting upgraded and multiplying. New types of security flaws and vulnerabilities have been added on top of last year’s, whether known or unknown. Cyber risk is no longer something your company can push aside nor forget about.
Digital risks for companies are now inherent in almost every activity a company undertakes.
In 2018, there will be a renewed focus on the impact (or potential impact) of “silent,” or non-affirmative, cyber coverage and the correlation with affirmative cyber coverage. ‘Silent’ risk is the gray area of an insurance policy in which coverage is neither mentioned nor excluded and not taken into consideration when policies are priced. If you think cyber insurance is overpriced, just wait until insurers start pricing in cyber risk into those silent areas of other insurance policies. This needs to happen in order for insurers to sustain the huge cyber related losses that are just around the corner.
With the Internet of Things, autonomous cars, cryptocurrency, digital payments and more on the way, cyber risk is only going to get more complicated and expensive.
Despite cyber insurance being a key area of growth and risk, boards do not own the overall strategy around cyber risk and in a number of cases a clear strategy, supported by risk appetite statements, and more often than not, an assessment of ‘silent’ cyber risks does not exist.
In the absence of standardized cyber coverages and policy wordings, mapping losses not just to cyber policies, but to potentially applicable errors and omissions, directors and officers, commercial general liability, business property and other policies, needs to be considered.