Silent cyber cover revisited

In this IIL Accident lecture Ben Edie talked about what silent cyber is and, crucially, the steps that are being taken by regulators (and in particular, Lloyd's) to ensure that the extent of cyber cover is properly understood by policyholders, and that there is sufficient understanding and capture of cyber exposures within the insurance industry.

Silent cyber cover has been a focus for UK regulators since the PRA issued its supervisory statement in July 2017. Early in 2019 the PRA wrote to all CEOs of insurers asking for an action plan to be put together providing clarity on how they intend to reduce unintended exposure to non-affirmative cyber coverages.

Lloyd's surveyed the Market with respect to cyber coverage in May 2019. They issued Market Bulletin Y5258 in July 2019, mandating that all policies are to provide clarity regarding cyber coverage through either express exclusionary language, or affirmative cover.

A phased approach has been taken to implementation by Lloyd’s. Phase 1 covered first party property damage policies, applying to policies issued on or after 1 January 2020. New model clauses were issued by the LMA to assist in implementing the requirements. On the Company side, the IUA also issued two model cyber clauses. The nature of these clauses will be considered.

We are now entering Phase 2, covering all other classes of business. Lloyd’s is working with class specific committees to determine how cyber cover is to be clarified. Various draft clauses are being issued to the Market. Lloyd’s follow up bulletin to Y5258 is eagerly awaited. It is hoped that this will have been issued by the time of the talk, and that it will detail the timelines for implementation across all other classes and what is expected in terms of implementation. Assuming the bulletin has been issued, it will be discussed.

The applicable deadlines for implementation are likely to be 1 July 2020 and 1 January 2021 depending on the class. Further model clauses will be issued.

EIOPA have also looked at the issue of silent cyber and other regulators are likely to follow suit.

Phase 2 of the Lloyd’s approach is likely to result in more significant challenges to the market, due to the nature of the insurance being addressed.

Managing agents will need to identify and capture the exposures to silent cyber. Where cover was previously silent on cyber but will be affirmative going forward (typically across professional indemnity and directors and officers’ policies), it may be that cyber exposure has not previously been captured in this way.

By the end of this lecture members would have gained an insight into:

• What silent cyber is
• The regulatory requirements to address the issue of silent (with a Lloyd's focus)
• What insurers need to do
• Other available options - stand-alone cyber coverage

Chair:
Martin Twells, Cyber Product Manager, FINEX Cyber Insurance, Willis Towers Watson

CPD events are open to CII and PFS members
Registration closes at 12pm two working days before the event date
For events held in The Old Library, Lloyd's pass holders may also attend and do not need to register
Original Photo ID (Driving Licence, Passport, Work ID with company logo and full name) is required to gain entry to all venues

Conditions:

• Email confirmations and original photo ID must be produced to security staff at the lecture venue
• Attendance confirmations are non-transferable to any other person or lecture
• All venues have limited capacity and registration and/or a Lloyd's pass does not guarantee admission

Please let us know what we can do to make our events fully accessible to you.

Contact:
Please contact Patricia Pedraza (07463 028327) with any queries regarding the CPD events programme.