Stand-alone cyber insurance policies can tackle cyber-attack exclusions
21 March 2022
Cyber-attacks on energy companies are growing at a time when insurers are increasingly looking to include significant cyber exclusions in their policies.
As a result of new exclusions, a stand-alone cyber insurance policy has become an even more attractive option for companies fearing they may also be hit by online attacks.
Industry experts last year warned that a quarter of the energy sector is “highly susceptible” to a ransomware attack, and almost half of the energy sector has a “critical vulnerability.”
Last year the global utilities sector saw a staggering 274% increase in the number of average weekly attacks compared to 2020, according to Check Point Research’s (CPR) latest Security Report.
The 2021 cyberattack on Colonial Pipeline in the United States caused fuel shortages and saw a ransom paid of more than Euros 3.6million ($4 m). It focused attention on the vulnerability of energy companies and showed the importance of obtaining appropriate cyber insurance cover as a defensive measure in the face of an ever evolving threat.
Opting for a dedicated Cyber insurance Policy provides cover for first-party losses and third-party liabilities arising from cyber losses. The first-party coverage includes costs related to notification, computer experts or forensic analysts, cyberextortion or ransom costs, data restoration, and public relations services; It also deals with loss of money, securities, and tangible property; income loss and extra expense and reputational harm.
Third-party coverage includes privacy and security liabilities, media liabilities, and regulatory proceedings.
Businesses considering their potential exposure to cyber-crime need to be aware of the exclusions that may be contained in other policy options. Commercial Property and Business Interruption policies may contain cyber-related protections, however, these policies could include broad exclusions for data or cyber risks. Exclusions for data breach costs and other indirect losses from a cyber-attack may be excluded from Commercial Crime Insurance.
It should be note that while Commercial General Liability policies may provide coverage for certain third-party claims arising from a cyberattack, insurance companies can take an alternate view. Directors and Officers policies also deal with exposure to cyber-related risks and liabilities but they may also contain exclusions for cyber-related claims.