Are cyber challenges real or science fiction?
That’s the hot topic Gordon Longley, CEO of the Cargo, Specie & Fine Art team at JLT Specialty, was debated at the International Cargo Insurance Conference this week. Four members from our cargo team attended this year’s conference.
Longley says: “The current focus on cyber challenges stems back to the early 00’s when, following Y2K and 9/11, the market had concerns about cyber attacks causing a potential aggregation of losses they could not manage, so they came up with the Institute Cyber Attack Exclusion Clause CL380.”
Longley continues: “Introduced by a reasonably hard market at the time the clause was openly criticised from a number of areas for being too widely drafted and with seemingly little thought given to resultant physical damage as opposed to say loss of personal information, loss of trade secrets and data fraud.”
The clause was not mandatory, but lots of brokers did accept it. “However, we refused to accept its inclusion on a blanket basis,” says Longley. “We argued that it was not reasonable that general cargo loss, for example theft of cargo from whatever cause or loss resulting from malicious acts which have historically always been covered under a standard ‘all risks’ form should suddenly fall foul of this new language. Is it reasonable for example to potentially exclude loss by reason of collision of a vessel which might be the result of an isolated incident of someone hacking into its navigation system or an opportunistic theft from a location who’s security system may have been compromised by a virus? It’s all about protecting the innocent assured.”
This issue cropped up again in 2014, after a number of high-profile cyber attacks, including those against JPM, Sony and the use of the ‘Stuxnet’ virus to name but a few.
“This alerted the reinsurance markets to look at the issue again,” says Longley, “and they started asking insurers if they had the CL380 clause in place with their clients. Lloyd’s then asked all insurers what their exposures were to cyber risks, and how they were managing them.”
All of this put cyber risks firmly back on the agenda. “We’ve now come full circle to 2002/3,” says Longley, “with underwriters trying to insist on CL380. However, we’re firmly pushing back as we did before, because the fundamental argument has not changed.”
In essence, we still believe CL380 is not fit for purpose in its current form, says Longley. “We would prefer that there is an open dialogue with assureds at the time of any placement regarding cyber risks. If then underwriters want a clause to deal with subsequent events (such as a ship grounding after being hacked), they will need to come up with a suitable wording that brokers are happy to talk to their clients about.”
Download Cargo newsletter
For more information, please contact Gordon Longley, CEO of Cargo, Specie & Fine Art on +44 (0)20 7466 6555