With more people online now more than ever, many companies have had to get policies to protect their vulnerable data as people work remotely. Most however think that a general liability policy will cover this risk and they don’t need a cyber policy. When in fact you do need a separate policy to cover cyber.
The difference between general liability and cyber is that general covers physical damages while cyber covers any damages incurred by the breach including security forensics. In the last 12-18 months, it has become alarming at the amount of losses a company incur because their general liability policy doesn’t cover losses in the event of a cyber breach. Traditional policies do not include these because until recently, cyber losses were at the very low end of priority. This so called silent cyber coverage, presents a dangerous risk. When an attack occurs, no one with a general liability policy will be covered as their policy has no wording on whether to include or exclude cyber. Many brokers and their clients believe they should be including this but as they are worded there is no basis for this coverage.
“Speaking at the NetDiligence cyber risk summit in London in 2018, Johnny Fraser, cyber reinsurance broker at Capsicum Re, said: “I regard silent cyber as an exposure on an insurance line of business derived from some sort of computer system, computer software virus or malicious code. We call it silent cyber because we’re trying to describe a situation where there’s coverage ambiguity, so it’s neither explicitly included on an insurance policy, nor explicitly excluded.”[1]
To exclude cyber in the current atmosphere of lockdowns and COVID is almost unheard of. But many current general coverages don’t cover it. Be wary of this exclusion and consult your provider for options related to both general and cyber liability.
[1] https://www.insurancebusinessmag.com/us/guides/what-is-silent-cyber-risk-117150.aspx