In May of this year, a ransomware cyberattack by Russian hackers made headlines around the world as it led to an 11-day shutdown of a pipeline that supplies nearly half of the East Coast’s fuel. The attack on Colonial Pipeline caused gasoline shortages and price spikes in much of the southeastern U.S.
The incident also made it clear to the public that cyberattacks not only impact businesses but can quickly deal blows to the lives of ordinary Americans as well.
The hackers’ assaults have also jarred the insurance industry, which is struggling to develop sustainable cyber insurance policies, even as the demand for cyber insurance coverage is on the rise.
Ambiguity of language
According to a Government Accountability Office (GAO) report issued earlier this year, there are a number of sticking points hindering the development of those policies, including the lack of accepted definitions of basic terms such as “ransomware” and “cyberterrorism.”
The lack of industry-accepted terminology leads to misunderstandings between insurers and policyholders. It also makes it important for policyholders, when placing their own cyber liability coverage, to pay particular attention to the differences in language between different quoted policies. The lack of industry-accepted terminology is something that insurers might seize on when losses occur to construe their policies narrowly in order to acvoid or minimize the coverage that they afford.
An industry undergoing changes
The GAO’s report paints a picture of a cyber insurance industry in flux, unsure of how to proceed in a market that includes the following factors:
- Soaring demand: back in 2016, only about 26 percent of businesses had cyber coverage in their insurance policies. Last year, that figure had risen to 47 percent – and seems primed to continue increasing after several highly publicized ransomware attacks.
- Soaring costs: cyberattack insurance premiums rose between 10 percent and 30 percent in just the second half of 2020.
- Shrinking coverage: insurers are reducing cyber coverage limits for industries such as healthcare and education.
According to a news report, the GAO isn’t sure of what will come next in the world of cyber insurance, concluding that “the extent to which cyber insurance will continue to be generally available and affordable remains uncertain.”
Notwithstanding that uncertainty, it seems clear that it is more important than ever for insureds to carefully consider which policy to purchase among the several quoted and, when losses do occur, to immediately retain legal professionals who can help pursue coverage under the cyber liability policies placed on behalf of the insured.