A new buzz word in the cyber and insurance world is “silent cyber.” According to Insurance Business, silent cyber refers to potential cyber-related losses stemming from traditional property and liability policies that were not specifically designed to cover cyber risk. An article by the D&O Diary highlights a few examples of companies who have experienced losses with aspects of silent cyber.
One interesting example is the Mondelez lawsuit between the food company Mondelez and Zurich Insurance. Mondelez was hit with the NotPetya virus in 2017 and experienced significant losses. The company looked towards Zurich for coverage but it was denied due to its policy’s War Exclusion. Many media sources portrayed this lawsuit as an example of cyber insurance carriers not providing coverage for cyber breaches. However, this is not the case as this dispute is related to the insured’s traditional property policy, hence the silent cyber issue.
Another important factor to consider is the complication that the “silence” can create. It is understandable (and within their right) for an insured that has sustained a loss from a cyber incident to seek coverage under any and all other insurance policies (including property, general liability, kidnap and ransom policies). However, the insured needs to understand that there will likely be opposition based on this argument.
Insureds need to be cautious about relying on any form of non-affirmative or silent cyber coverage. The insurance market is closely monitoring these circumstances and increasingly looking for ways to prevent from covering unintended losses. Due to the increase of silent cyber incidents, carriers are beginning to add terms and conditions so that “cyber-related losses do not filter into their various policies” because these policies “were not built to provide coverage for cyber-security related incidents.”
Talk to a trusted advisor to review your property and liability policies and see why a cyber policy may be the right fit for your organization.