
What to Watch Out for in a Cyber Insurance Policy

Cyber Insurance policies are complex, even if you have already figured out what they cover and how they work. We have outlined here some of the things to watch out for when you have, or are purchasing, a cyber insurance policy.

1. Disclosure of Information Before & During the Policy Period

Someone applying for insurance must disclose any matter they know to be relevant to the insurer’s decision to accept the risk. Continuous disclosure is also very important: if there is any material change to the company during the policy period, the insured needs to keep the broker/insurer informed of the change.

2. Cancelling a Policy

Cyber Insurance policies are written on a claims-made policy form, which means the loss/claim must be reported and indemnity granted during the period of insurance to trigger a claim. If a policy is cancelled and a claim is reported afterwards, the claim will likely be denied – even though you may have had a policy in place at the time the loss actually occurred.

An example of this situation is if your system is breached while you have a policy in place, but you aren’t made aware of any loss/attack until later. If you had a policy in place when the breach occurred, but cancelled it before you were made aware of the loss, the claim would likely be denied. This can be more likely than one would think, as cyber criminals can breach a system (take control, install malware/ransomware, etc.) months before they decide to take any sort of action that notifies you of the attack.

3. Social Engineering Coverage

This is an important coverage, as Social Engineering losses are more frequent than ever, but this section is typically automatically excluded from a policy unless it is specifically added and noted on the schedule for an additional premium.

This coverage is also often misunderstood and lumped under the term “Cyber Crime” – this is incorrect. Cyber Crime is a very broad term that can include sections that are almost always automatically covered, such as Cyber Extortion. Social Engineering has recently been defined more adequately as Funds Transfer Fraud, which is the fraudulent transfer or theft of funds caused by instructions made by a person purporting to be an authorized employee, outsourced provider or customer of yours. This definition also covers “phishing”, which would be included in this section.

This coverage is typically optional for an additional premium and is sub-limited. To see if your policy includes this coverage, it should be detailed on the policy/quotation schedule and further explained in the policy wording.

4. Retroactive Date & Known Claims

The retroactive date determines whether a policy will provide cover for past acts that are only discovered after the fact, during the policy period. If this date is either “unlimited” or states a specific date, there is cover for claims that occurred in the past and are reported during the policy period, as long as they were not previously known by the insured. If this date is “inception”, then cover is only provided for acts occurring after the policy is put in place and while it is in force.

5. Exclusions

Cyber Specific Exclusions

Electromagnetic Discharge

The existence, emission or discharge of any electromagnetic field, radiation or magnetism that allegedly or actually affects the health, safety or condition of any person or environment, or that affects the value, marketability, condition or use of any property.

Power Failure or Core Internet Infrastructure Failure

Excludes claims caused by power outage, or any other failure of a system, infrastructure, or network over which you have no direct control.

Product IP & Patent Infringement

Excludes acts that cause the infringement or misuse (among other things) of any patent or patent right.

Unsolicited Communications and Data Collection

This excludes claims for unsolicited emails, phone calls, or other correspondence which breaches the applicable legislation. This can sometimes be written back into the policy through the Privacy and Cyber Security coverage section if it occurred due to a network compromise.

Standard Exclusions

Contractual Liability

Unless this has been specifically added to the policy, coverage is excluded for any obligation you have entered into under a written contract. However, this exclusion does not usually apply to liability you would have in the absence of a contract.

Insured versus Insured Claims

There are many variations to this exclusion, but the main purpose is to not cover a dispute between insureds and/or the company.

Prior & Pending Exclusion

States that the policy will not cover any pending or prior litigation involving the Company that has begun before the Prior & Pending date of the policy.

Sanctions Exclusion

Excludes claims where cover, payment, service, benefit and/or any business or activity would violate any applicable trade or economic sanctions, law or regulation.

Bodily Injury/Property Damage

The policy will not respond to a Bodily Injury & Property Damage claim as this exposure is typically covered by a Public Liability policy. This exclusion usually has a write back (gives coverage back) for Defence Costs, Employment Related Wrongful Acts and Security Claims.

Retroactive Date Exclusion

This excludes any wrongful act committed or alleged to have been committed prior to the inception of the policy. This is a way for insurers to exclude past acts and make the policy only forward looking.

** The above are general examples only; each insurance policy is different and standard exclusions may apply. Please read your PDS and contact your insurance advisor to review your specific policy. **


About KBI

We are a specialist insurance brokerage with an emphasis on adding value to our clients by helping them make an informed decision. Our approach combines that of an insurance broker and consultant, where we focus on providing expert advice to our clients while customising their insurance program and risk management solutions.

Since starting in 2013, KBI has been constantly growing and becoming a leader in the Australian market. Our primary point of difference is that we don’t try to be all things to all people. We work in niche areas, where we can tailor an offering, advice and broker support to meet each area’s specific needs.

By Tyler Speers

Tyler Speers is an Account Manager at KBI with a focus on Cyber insurance.
