While America was closed for business yesterday and fireworks and barbeques were being enjoyed, Lloyd's issued a Market Bulletin that will require insurers there to explicitly state whether cyber coverages are included or excluded. For some insurers who have been putting off dealing with non-affirmative cyber exposures this may be seen as an unwelcome present and a big headache to address.
Given some of the expensive cyber-related losses and subsequent legal cases (think Mondelez, Norsk Hydro) one could argue that this is long overdue. As a market leader, setting an example is a first sensible step to reducing ambiguity in this evolving area. The biggest challenge is in nudging insurers where "non-affirmative" exposure exists to get off the fence and state their position clearly.
The rule will start with property in January 2020 (including coverholders), while liability and reinsurance policies will follow by 2021. There will undoubtedly be some teething issues and brokers may be scrambling as programs containing both Lloyds and Company markets could create the potential of inconsistent coverage for clients. As a buyer however I would think clarity is a preferred approach to keeping one's fingers crossed.
It will be interesting to see how other insurers react, especially in the US domestic market. The challenge of getting a grip of non-affirmative cyber exposure is significant. The CyberCube platform provides ways to help understand these exposures through mapping cyber perils to P&C lines of business and modelling the results of our carefully designed scenarios in a probabilistic manner.
When the US National birthday celebrations subside, we will be tracking closely if the US markets follow Lloyd's lead.
From January 1, 2020, Lloyd’s underwriters will be required to clarify whether first-party property damage policies affirm or exclude cyber cover.