Brokers are facing an increasing number of E&O cases for mis-selling cyber insurance policies, or even not selling a cyber policy at all.

Tim Johnson, partner at Browne Jacobson, says his law firm is seeing an increasing number of cases coming over their desks as brokers struggle to understand the complexities of the cyber market.

“We are seeing a lot more cases where a cyber event occurs and, for whatever reason, it is not covered under a policy,” he says. “Naturally, the policyholder then looks to the advice they received from their broker, and they will find that they haven’t purchased a particular aspect of cyber cover that was required.

“That is often because cyber is still a developing market, the policies are all different, covering different risks with different triggers and extensions, and it is quite a complicated area, which makes it difficult for brokers to advise on these risks.”

Johnson says it is often business interruption risks that end up not being fully covered, and that he only expects the problem to get worse as cyber cover becomes more popular with businesses.

“We are starting to see more notifications, and we are only at the tip of the iceberg,” he says. “There are going to be more because cyber attacks are on the increase, and that means more claims, and the knowledge of cyber as an insurance product is getting broader, so there is more focus on risks being able to be insured.

“Brokers really should be seeing this as a standard cover now. Even if the client doesn’t take it out, at least there is the record of the advice being given”

A Reputational Disaster Waiting to Happen

Speaking to Insurance Times in April 2019, Mactavish chief executive Bruce Hepburn predicted that if the current state of cyber insurance continues the way it is, the already fragile reputation of the product could fall even further.

“You get cyber risk, but there are serious gaps which is inevitable, because clients don’t evaluate risk properly,” he said. “Cyber insurance is a reputational disaster waiting to happen, because the placement of it suffers from all the problems other lines do, and one more.

“It is the client’s legal duty to improve their understanding of the risk but the sales process has to explain to the policyholder what their duties are. I don’t think the industry challenges the clients enough to understand the risks better, and when you don’t understand the risk, you can’t understand the policy.”

One way to overcome this problem is through education, and Johnson says brokers must work more closely with insurers to better understand their products, particularly when it comes to limits and exclusions.

“Brokers need to invest their time in understanding what policies are out there in the market,” he says. “And, rather than at an individual broker level, as an organisation, brokers need to take the time to engage with their insurers, and understand which products are offering the widest levels of cover.

“That will make it a lot easier for brokers on the ground.”