
Aon  |  Professional Services Practice
Professional Indemnity and Silent Cyber

Release Date: January 2023

An important issue has emerged in the London Market relating to the treatment of cyber risk within Professional Indemnity (E&O policy) and other non-cyber policies.

Under pressure from regulators and rating agencies, insurers have taken steps to clarify the degree of cyber cover in these non-cyber policies. The presence of inadvertent or undefined cyber coverage has been termed “silent cyber”.

The concern is that cyber risks are being covered by default, without analysis, pricing or reserving, which exposes insurers to unexpected individual claims, claims aggregation and potentially systemic losses. The aim has been both to protect the insurers and to provide contract certainty.

In the recent past the “silent cyber” debate had focused on property and business interruption insurances. The issue came into sharp focus for financial lines renewals starting in 2021.


Root Cause

Cyber losses can of course emerge from multiple sources and manifest in various ways. The losses can be both first-party and third-party involving additional costs, loss of revenue, regulatory costs and ransomware payments.

In some cases, historical wordings may have become ambiguous or unintentionally broad because they were not adapted to the emerging roles of technology and the increased vulnerability to losses generated by cyber breaches and attacks.


Insurers’ Proposals

Insurers therefore faced some choices around adjusting premiums, limiting, or even excluding, risks. Markets have introduced endorsements intended to provide clarity of coverage and to address the concerns of regulators. Some silent cyber exclusions seem to have gone too far in the context of professional practice risks, excluding some direct and indirect losses that the market has traditionally accepted as being within the scope of a professional liability policy.

The core market reasoning is that the risk should be insured in a stand-alone cyber insurance policy. This reasoning fails to account for the nature of the delivery of professional services and the role of technology. The change in approach also ignores the good work that has been ongoing for some years to ensure that PI and cyber covers dovetail together.

The exact language of the limitations should be examined carefully. Aon has developed a silent cyber endorsement that is broadly accepted by insurers in the London Market.


Recommendations

  • Conduct a risk and gap analysis against insurances purchased.
  • Test policy wordings against claims scenarios.

Making policies work together is a skill and there are different approaches that can be considered. Insurers’ risk appetite and coverage intent in the respective classes of business should be factored in.




Contact


The Professional Services Practice at Aon values your feedback. To discuss any of the topics raised in this article, please contact Keith Tracey or Tom Ricketts.

Keith Tracey
Managing Director
London





Tom Ricketts
Senior Vice President and Cyber Risk Leader
New York









The Cyber Solutions team at Aon can help you understand and quantify your cyber risks. Please contact Bryan Hurd.

Bryan Hurd
Managing Director, Aon Cyber - Stroz Friedberg
Seattle