
Cyber insurance policies flawed

Mactavish, the insurance governance expert, warns that most ‘off-the-shelf’ cyber insurance policies have serious flaws and, in the event of a claim, are likely to be disputed and pay out much less than expected.

Its analysis of 30 UK cyber policies highlights seven common flaws:

1 Cover can be limited to events triggered by attacks or unauthorised activity, excluding cover for issues caused by accidental errors or omissions;

2 Data breach costs can be limited – e.g. covering only costs that the business is strictly legally required to incur (as opposed to much greater costs which would be incurred in practice);

3 Systems interruption cover can be limited to the brief period of actual network interruption, providing no cover for the more significant knock-on revenue impact in the period after IT systems are restored but the business is still disrupted;

4 Cover for systems delivered by outsourced service providers (many businesses’ most significant exposure) varies significantly and is often limited or excluded;

5 Exclusions for software in development or systems being rolled out are common and can be unclear or, in the worst cases, exclude events relating to any recently updated systems;

6 Where contractors cause issues (e.g. a data breach) but the business is legally responsible, policies will sometimes not respond; and

7 Notification requirements are often complex and onerous.

Mactavish advises organisations of all sizes on their insurance requirements and recently launched a Cyber Risk Consulting Practice to help clients understand their exposure to cyber risks and source appropriate insurance cover. Its free report can be accessed at:


