Confusing terminology in cyber policies stifling market, warns comparison engine

Cyber|Decider is warning that the lack of standard, understandable terminology in cyber insurance policies causes confusion for brokers and customers, and is ultimately stifling market growth.

While it agrees that demand for cyber policies is growing, there is still a lot of confusion around the policies available and terms of cover because insurers fail to use standard wordings.

It gave the example that one insurer may use the term ‘network expenditure’ while another may use ‘data restoration costs’.

In some policies, the definition of ‘computer’ also includes ‘industrial control systems’, while in others it does not.

An off-putting combination

Cyber|Decider chief executive, Neil Hare-Brown, said: “Clients are missing out on getting the right cover because cyber insurance is an area that causes brokers confusion and insurers have done little to rectify that.

“When you combine confusing policy wording with the tech-jargon around cybersecurity, you are creating an off-putting combination for many brokers.

“Lawyers have scared insurers into believing that it is anti-competitive for them to discuss creating standard terminology for cyber insurance, although it is the norm for all other policy areas. However, there is nothing stopping Cyber|Decider using our position to propose sensible standard terms and for insurers to adopt them, and that is what we are doing.

“The off-putting and confusing language used in such policies is a barrier to both brokers and clients, and it is essential that underwriters are aware of the extent to which the current complicated and often contradictory wordings are stifling market growth.”

Break the barrier

He believes the time is now for the industry to take action and fix this problem as it is stifling the progress the sector desperately needs.

“It is time to break this barrier. Cyber|Decider is calling on the insurance market to use forums, including the Cyber Insurance Association, to discuss solutions to this growing problem and open the market up to new customers.”

Proposed glossary

Calling for the sector to adopt uniform terminology, the cyberinsurance comparison engine has created a glossary of terms that could become industry standard to promote greater understanding of the policy.

  • ‘Computer system’

Proposed definition: ‘All electronic computers including operating systems, software, hardware and all communication and open system networks or websites and mobile devices including but not limited to laptops, data storage devices, smartphones, iPhones, tablets, personal digital assistants, electronic office equipment, and equipment controlling manufacturing processes, or forming part of machinery’.

  • ‘Data’

Proposed definition: ‘Any electronically stored digital or digitalised information or media’.

  • ‘Security Breach’

Proposed definition: ‘Security Breach means unauthorised access to or use of your computer system by any person not authorised to do so, including employees; or use of your computer system by an authorised person, including employees for an unauthorised purpose’.

  • ‘Privacy Breach’

Proposed definition: ‘Privacy Breach is the actual or suspected breach of any legal, regulatory or contractual requirement to protect the security or confidentiality of any information held by the insured’.

  • ‘Social Engineering’

Proposed definition: ‘Social engineering is the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purpose, not including…’.