Many clients are reluctant to purchase a cyber risk policy out of fear that it is illusory coverage.
Illusory coverage is when the literal language or structure of an insurance policy gives the policyholder the impression of coverage but effectively negates any meaningful coverage.
Because of this, cyber insurance has received an undeserved reputation for denying claims, when in fact, the claimants are trying to collect under non-cyber policies.
Often times there is no Cyber insurance policy or the limits are inadequate, so the insureds look to alternate policies to respond. For instance, looking to the property policy to offset business income loss from a non-physical business interruption or a Kidnap and Ransom policy for cyber extortion demands.
Recently there has been a lot of publicity about Mondelez International, an American multinational confectionery food and beverage conglomerate, and Zurich Insurance Group because of Mondelez v. Zurich. In this case, Zurich is denying Mondelez’s claim that occurred during NotPetya, one of the largest cyber events to date, because of the War exclusion. However, Mondelez is trying to recover under their property policy and look for silent cyber coverage. Zurich is denying the claim under the War exclusion since the NotPetya malware is attributed to Russia and considered a hostile state sponsored activity.
Ambiguities such as Mondelez v. Zurich, have led to some big headlines proclaiming cyber insurance buyers to beware. It is important to note there is no standard cyber form and having a knowledgeable cyber insurance broker is key. There are many coverage exclusions to watch out for and enhancements to request. It is also important for Cyber insurance policies to affirmatively cover cyber terrorism and to have a cyber broker that knows the difference.
The policy that can best respond to a cyber incident is a cyber policy. Equally important is the coordination of all policies to avoid coverage gaps and overlaps. If you have questions about what policy should respond or if you have adequate cyber coverage, please contact me to further discuss.
Cyber Strategic Leader
Note: This communication is for informational purposes only. Although every reasonable effort is made to present current and accurate information, Oswald makes no guarantees of any kind and cannot be held liable for any outdated or incorrect information. View our communications policy.