The Sound of Silence: Navigating the Darkness of Silent Cyber

With the rise of cyber attacks and imminent implementation of the Protection of Personal Information Act (“POPIA”), it may seem that these days the most important business risk to insure against is cyber attacks.

With the rise of cyber attacks and imminent implementation of the Protection of Personal Information Act(“POPIA”), it may seem that these days the most important business risk to insure against is cyber attacks. The purchase of a cyber risks policy should therefore be an easy decision to make but many clients may be reluctant to purchase yet another insurance policy if they believe that they already enjoy cover under their Professional Indemnity (“PI”) or Directors and Officers (“D&O”) policies.

While it could certainly be postulated that data breaches could be entertained (to an extent) under any product which includes PI, it would certainly be prudent for brokers to ensure that their clients are adequately covered and are not relying on the existence of “silent cyber” to cover this risk. In fact, to avoid a situation where a policy is covering unintended cyber claims, many insurers have introduced silent cyber endorsements.  

The silent cyber endorsement could affirm or exclude coverage depending on the product and risk carrier’s appetite. For example, certain sections of a Commercial Crime policy are intended to cover losses arising out of criminal acts perpetrated by way of a computer [fraud] and in respect of those sections, insurers may affirm the cover but then specifically exclude it in respect of areas where they would not wish to provide any cyber cover. On products like D&O and pension fund trustees, cover for cyber-related wrongful acts might be confirmed. Whereas on a policy offering PI, insurers may totally exclude silent cyber.

 

Camargue’s cyber risks policy wording offers cover for errors and omissions as a result of professional services offered by technology professionals, as well as a host of cyber covers. If an IT provider failed to prevent a data breach and it could be shown that they were negligent in carrying out their professional duties, this would be covered under the PI section of the policy. However, should there be a data breach of their own network, this would not be covered unless they had also purchased all relevant cyber covers. To this extent, and for the avoidance of all doubt, insureds who only purchase Tech PI would have a total cyber exclusion placed on their policies.

 

Clients who are concerned about being held liable for data breaches should therefore be encouraged to purchase a cyber policy. The following will highlight some of the key covers available under the Camargue cyber risks policy:

 

Insuring Agreement 3 (Security and Privacy Liability) essentially covers the Insured for legal defence costs and damages for negligence in failing to prevent a breach. This would be for breach of their own systems which compromises personal information; and failing to prevent a breach occurring through their own network. What is important to note is that the section specifically refers to the negligence of the Insured. In order to determine negligence, certain standards such as the reasonable man test and King IV Code will be considered.  

 

Insuring Agreement 5 (Privacy Regulatory Defence and Penalties) is also important to note as it covers the awards, penalties and fines which the Insured can incur in terms of POPIA (or any other relevant piece of legislation), provided that these fines are insurable by law.

 

A privacy breach is also covered where it is as the result of a malicious intentional act of an employee. This is a key cover which clients should ensure is in place, as it could result in a very costly breach where an employee intentionally releases confidential data.

 

From the above it can be seen that clients should seek absolute certainty around ensuring that they are adequately and appropriately covered in the event of their negligence leading to a cyber breach, and should not be relying on silent cyber. By highlighting the pitfalls of relying on silent cyber, and expounding on the importance of purchasing a cyber policy, clients can have confidence in their broker’s recommendation to purchase a comprehensive cyber policy.  

 

More News Stories

October 12, 2021
Camargue | Brit Announcement

Camargue Underwriting Managers (“Camargue”) announced that Brit Insurance Holdings Limited (“Brit”), the global specialty insurer and reinsurer, has acquired a further interest in Camargue, taking its ownership to 100% of the business.

Read story
October 8, 2021
Can Covid 19 be used as a supervening impossibility defence?

Covid 19 has been in the spotlight for an extended period and will probably continue to be a lively topic of discussion for the foreseeable future. The Covid pandemic has undoubtedly had a negative impact on businesses resulting in the failure to perform contractually.

Read story
May 20, 2021
The COVID-19 Pandemic: A Black Swan event & Claim trends

The revolutionary idea that defines the boundary between modern times and the past is our ability to understand and manage risk - it converted the unknown future from an enemy into an opportunity (Bernstein Against the Gods – The Remarkable Story of Risk).

Read story