

Counting the Cost of Silent Cyber

By Akber Datoo, Founder and Managing Director, D2 Legal Technology

Damaged reputation. Financial loss. Punitive capital adequacy provision. Silent cyber is one of the biggest issues facing the insurance industry. Yet despite the Prudential Regulatory Authority’s (PRA) demands for robust action plans, few firms have put in place the document digitisation required to truly understand the level of risk. Further, it is somewhat ironic that an industry predicated on pricing risk is failing to assess and understand this risk that exists today in its back catalogue. From determining the current silent cyber position to identifying policy wording changes and analysing the legacy book, Akber Datoo, Founder and Managing Director, D2 Legal Technology, highlights the need to digitise policy documents.

Non Affirmative Loss

“Silent Cyber” is the term given to cyber-related losses that may or may not fall under traditional property and liability policies that were not designed for that purpose.

The concerns of silent cyber have recently come to the fore and the shock waves created by the Mondelez / Zurich Insurance case have reverberated around the market. Whilst publicity may have temporarily abated over the past few months, very few insurance companies have begun to truly address the risk posed by silent cyber. In an industry predicated on strong reputation, the decision by Zurich to reject a claim from a client whose business had been devastated by the NotPetya cyber-attack in 2017 made headlines around the world – not least for citing an exclusion for ‘hostile or warlike action in time of peace or war’ by a ‘government or sovereign power’.

Yet as the cost of such attacks is being counted, the impact of silent cyber on the industry as a whole is becoming painfully apparent. PCS Global Cyber has recently attributed 90% of the insurance industry’s losses relating to the NotPetya cyber-attack to non-affirmative (silent) cyber, and the rest to affirmative losses.

Certainly, the PRA believes the UK insurance industry can do more to ensure the effective management of affirmative and non-affirmative cyber risk exposures. It has ordered firms to develop an action plan, with clear milestones and dates by which action will be taken.

Divergent Attitudes

Despite the cost to the industry, there remains a concerning lack of consistency in terms of risk awareness and planning as well as risk appetite and understanding. The PRA’s own survey in 2018 revealed significant divergence in firms’ views of the potential exposure to silent cyber. Within Marine, Aviation and Transport (MAT), Property and Miscellaneous lines, exposure was rated at anywhere between zero and the full limits.

With PCS Global Cyber believing the cost to the industry of NotPetya associated claims has now exceeded $3 billion, there is ever greater focus on insurance companies’ cyber stress tests. Fears that gross losses could run into the multiples of annual cyber premiums are very real. However, to date such exercises are based on minimal fact: firms lack robust or reliable claims data relating to silent cyber. As a result, models are immature and there is little faith in the resultant capital adequacy calculations. Just how much capital should the regulator demand firms to set aside against possible exposures when the silent cyber risk is so poorly understood?

In addition to the model and assessment demanded by the PRA, firms need to look closely at existing policy documentation to gain better insight into risk. What is the current position? Does wording need to be amended to address silent cyber risk? How can the legacy book be analysed and key data and wording from the contracts extracted to assess the potential silent cyber exposure going forward?

Document Digitisation

In many ways, the insurance industry is better placed than many for the challenges ahead. Document digitisation has been on the agenda for some time and the industry has already created clause libraries to make it easier for firms to gain access to vetted policy wordings and regularly used clauses. However, the low take-up of these libraries is disappointing. Not only do firms have a somewhat confusing choice – between the Lloyd’s Wording Repository, the IUA (International Underwriting Association) Clauses Document Library and the Xchanging Model Wordings Library – but the checklist structure is not providing the required solution.

Insurance companies and brokers need to better understand how to use these clause libraries within current business models, preferably in tandem with a document generation tool to improve data management. The goal is to create data-driven contracts, where documents are drafted based on known outlooks. But to get to that point, firms need to actively embrace document digitisation to gain a better handle on the current risk position and create a foundation for rapidly changing wording to avoid any ambiguity regarding silent cyber. Moreover, we need to link wordings in clause libraries to classified business outcomes, and then derive business intelligence from policy portfolios.


No firm wants to risk the reputational damage associated with refusing a high profile claim – nor endure the huge losses associated with attacks such as NotPetya. With the rise in cyber attacks, this is an issue that has to be addressed immediately: firms need to act now and embrace the opportunity of digitisation strategies within policy documentation to mitigate the potentially devastating silent cyber risk.
