Mactavish originally sent the ABI a letter highlighting common flaws in cyber insurance policies on 19 March

Mactavish chief executive, Bruce Hepburn has invited ABI director general, Huw Evans to an open discussion after receiving a response to his letter yesterday.

On 19 March, Mactavish wrote a letter to Evans outlining “common flaws” in cyber insurance policies.

Those flaws, originally identified in Mactavish’s Cyber Risk and Insurance Report, published in November last year, were:

  1. Cover can be limited to events triggered by attacks or unauthorised activity – excluding cover for issues caused by accidental errors or omissions
  2. Data breach costs can be limited – e.g. covering only costs that the business is strictly legally required to incur (as opposed to much greater costs which would be incurred in practice)
  3. Systems interruption cover can be limited to only the brief period of actual network interruption, providing no cover for the more significant knock-on revenue impact in the period after IT systems are restored but the business is still disrupted
  4. Cover for systems delivered by outsourced service providers (many businesses’ most significant exposure) varies significantly and is often limited or excluded
  5. Exclusions for software in development or systems being rolled out are common and can be unclear or in the worst cases exclude events relating to any recently updated systems
  6. Where contractors cause issues (e.g. a data breach) but the business is legally responsible, policies will sometimes not respond
  7. Notification requirements are often complex and onerous
  8. Businesses are forced to choose IT, legal or PR specialists appointed by their insurer.

Yesterday, Evans responded to the letter, by sending a letter back, addressed to Hepburn.

In it, Evans said the ABI “simply does not accept” some of the suggestions made about the cyber market offering.

He believes the insurance industry’s contribution to cyber resilience in the UK is “something of which the industry can be proud of.”

He said that the ABI does not believe there are flaws in the way that Hepburn described. Nor does the ABI think there are systemic or widespread issues across the market.

Finally, Evans said that Mactavish has ”fundamentally misinterpreted how cyber insurance is provided as a product offering.” He says while some policies have a basic coverage, these are almost always sold with an extension or endorsement which increases the baseline coverage significantly.

Mactavish stands firm

In response to the letter send by Evans, Mactavish says it is standing by its findings, and hopes the ABI director general accepts its offer to attend an open debate on the subject and the issues raised by Mactavish.

“I am grateful to Huw for responding to our concerns regarding the quality of cover provided by many cyber insurance providers, and for setting out his views so clearly.

“We stand-by our findings and hope that Huw will accept our invitation to attend an open debate that we are looking to organise on the issues we have raised. We will share more details on our findings at this event.

“Our clients buy commercial insurance and we represent them by independently reviewing their cover, making sure it’s adequate and fit for purpose. We also work with them when they are in dispute with their insurers over claims.

“We firmly believe that a light needs to be shone on the cyber insurance marketplace to highlight a number of flaws and find ways in which these can be addressed. We look forward to working with the ABI and others in the industry to do this.”