Eric Cernak, Head of Cyber, The Hanover Insurance Group
Digital and physical worlds are colliding at an ever-increasing pace. The rapid and widespread adoption of the Internet of Things/Industry 4.0 is creating an increased awareness and willingness of insurers to cover exposures beyond traditional data breach losses.
As operational and information technology become more intertwined on a scale not before seen, customers are well advised to carefully consider their exposures and talk with their independent insurance agents to understand if they are properly covered for potential risks. Even those without personally identifiable information on hand can now be exposed to data breach risks, increasing their need for cyber insurance.
For example, changes to computer code can stop computer equipment from operating without any visible physical damage. This often means the only cost-effective way to fix the equipment is to replace the damaged hardware. Additionally, a malicious cyber-attack can cause valves to unexpectedly open. For organizations using toxic materials in their operations, they may suffer an accidental spill, resulting in added costs to clean up.
The nature of cyber-attacks continues to evolve. The AIC (availability, integrity, confidentiality) security model provides insights as to what might be next for cyber-attacks. Attacks that disrupt access to critical data and systems (e.g., ransomware), as well as compromise the confidentiality of personal information (e.g. large retailer breaches), are well documented in both the private and public sectors. Less commonly seen in the private sector, or at least publicly acknowledged, are attacks that modify the integrity of data in a system. While viruses often consist of attacks on data access, it is not hard to envision a scenario where critical design specs fed to a computer numerical control (CNC) machine may be unknowingly altered, resulting in defective products, and subsequent property or product recall losses.
In addition to the explicit costs incurred by operations to remedy issues like these, they also face loss of business income while they replace hardware and cleanup spills, thus demonstrating that cyber risks reach far beyond the “traditional” breaches of personally identifiable information.
This expansion and interconnection will cause organizations and independent agents to guide manufacturers to consider whether cyber is a peril that can impact other, more traditional insurance policies (such as property) or if it is more of a coverage that fills the “gaps” not typically covered under more traditional policies.
Additionally, more emphasis is being placed on removing ambiguity from more traditional lines. Some traditional policies now have explicit exclusions for losses originating from a cyber incident (e.g. non-affirmative cyber). This will aid in providing a clearer expectation of coverage for insureds, agents and carriers, and will provide additional contract certainty. As the digital world continues to meld with the physical world, this becomes even more important as previously unimagined loss scenarios emerge.
Agents with significant cyber experience are going above and beyond, asking much more than whether a client collects personally identifiable information. These agents understand that additional questions are needed to evaluate their clients’ cyber risks. It’s important for agents to probe the ways in which their clients depend on computer systems. These coverage interdependencies and increasing interactions only emphasize the importance of the independent insurance agent as a trusted adviser.
At The Hanover, we recognize the important role agents can play in helping their customers effectively mitigate cyber risks, and we have invested in the capabilities our partners need to do just that. Today, we are uniquely positioned to help our valued agents address these non-traditional, evolving exposures. We are able to combine our extensive understanding of traditional manufacturing risks, such as property, workers’ compensation and products liability, with our decade of cyber-related experience. We have the capability to provide contingent business interruption for manufactures that can help reduce their overall supply chain risk. Whether providing easy access to cyber coverage or satisfying contractual obligations, The Hanover’s suite of cyber offerings can help agents match the appropriate level of insurance coverage for their manufacturing clients’ evolving risks.
With cyber risks increasing for more and more clients, agents who focus on this evolving risk will provide a highly valued service while building their own businesses for the future.
About the author
Eric Cernak is vice president of cyber practice at The Hanover Insurance Group. In this role, he is responsible for overseeing The Hanover’s corporate cyber strategy across all of its commercial lines and specialty businesses, to ensure a cohesive offering of products and services for The Hanover’s independent insurance agent partners.
He can be reached at [email protected].