December 13, 2019

Noise around silent cyber set to get louder in Germany

German regulator and insurers will accelerate moves to clarify exposures in 2020.

Cyber risks affect all industries, markets and companies and therefore basically have an impact on all lines of insurance. Existing traditional policies often contain hidden cyber exposures (ie silent or non-affirmative cyber cover), which might entail a significant exposure. With that in mind, it is not surprising that regulators have put the issue of non-affirmative cyber at the top of their agenda and will increasingly focus on the topic. Dealing with this issue is therefore not only in the insurers' own interest, but also becoming a regulatory requirement.

In the UK, the Prudential Regulation Authority (PRA) has contacted the Chief Executives of general insurance firms and raised several concerns regarding “affirmative” cyber cover such as that insurers failed to make adjustments to reflect the nature of the risk including in relation to pricing and have not ascertained their exposure to “non-affirmative” or ”silent” cyber cover. From January 2020, Lloyd’s underwriters will be required to clarify whether first-party property damage policies affirm or exclude cyber cover. For liability and treaty reinsurance, the requirements will come into effect in two phases during 2020 and 2021.

While there are no such specific requirements in Germany, yet, in their recent annual conference, the Federal Financial Supervisory authority (BaFin) explicitly noted the importance for insurers to address the topic and consider it in their risk management. A current BaFin survey confirmed that almost all lines may be affected by non-affirmative cyber. Accordingly, German insurers have started to develop a new underwriting strategy to address “silent” cyber exposures ensuring that all policies will be updated and clarified with regard to cyber risks. For insurers, it is and will be of vital importance to determine and take control of their cyber exposure, either by providing affirmative coverage or by covering it consciously – for the cyber cover to be no longer silent.

Read the rest of our insurance predictions here.