Silent cyber in professional indemnity insurance
Produced in partnership with Andrew Jones of Beale & Co

The following Insurance & Reinsurance practice note, produced in partnership with Andrew Jones of Beale & Co, provides comprehensive and up-to-date legal information covering:

  • Silent cyber in professional indemnity insurance
  • What is ‘silent cyber’?
  • Why is silent cyber a problem?
  • What is the insurance industry doing?
  • How can silent cyber impact professional indemnity insurance?
  • What is happening in relation to silent cyber in professional indemnity insurance?
  • The IUA’s model endorsement
  • The LMA’s model endorsement
  • What about regulated professionals?
  • The future of silent cyber

Silent cyber in professional indemnity insurance

Silent (or non-affirmative) cyber coverage and the systemic risk it poses is a serious concern for the insurance industry, leading to scrutiny from the Prudential Regulation Authority (PRA) and prescriptive intervention by Lloyd’s of London (Lloyd’s).

This Practice Note considers silent cyber in professional indemnity insurance, the regulators’ concerns, what the industry is doing about it and what the future holds, in particular for professional indemnity (PI) insurers and policyholders.

Cyber risks encapsulate any risk associated with financial loss, disruption or damage to the reputation of an organisation arising from the failure of, or the unauthorised or erroneous use of, its IT systems. These risks can arise from both malicious acts (eg cyber-attacks) and non-malicious acts (eg infrastructure downtime and accidental loss of data).

Cyber risks are growing in number and public awareness of them is increasing. This comes from the ever-increasing reliance on IT systems by organisations of all types (businesses, defence, education, healthcare, charities etc) and the increased frequency of cyber-attacks on these organisations, against the backdrop of increased regulation. The 2018 introduction of the GDPR, in particular, has widened obligations and potential sanctions on organisations for many types of personal data misuse.

The financial losses that can result are very significant, both first-party and third-party: the costs of specialist IT assistance, third party claims for compensation, business interruption losses, regulatory investigations and penalties,
