Cyberinsurance t1_j2ac6ja wrote
Reply to comment by themadweaz in Ohio Supreme Court says insurance policy does not cover ransomware attack on software by homothebrave
You put the exclusion (or even better expressly carve out “cyber damage” from the definitions to avoid defense costs) since your buyers are less likely to have a risk manager who better understands the coverage. I agree with you that the exclusion isn’t necessary, but without it you will continue to have needless coverage litigation
themadweaz t1_j2ahjmd wrote
I'd fire any risk manager working for a tech company that is unaware cyber insurance exists.
The main issue I see here: cyber is already an established line. You would then need to add all optional coverages, exclusions, endorsements etc that the cyber line is currently offering to the gl policy as well. It would be hard (not impossible) and would make ISO gl worse than it already is. And BOP. And probably Marine... And any commercial auto (cars have computers, right?). It's just not worth it to extend those lines of business when you are offering an additional lob.
Having it as a separate line doesn't prevent an insurer from bundling the two lines, but it adds exceptional extra complexity to already complex lines.
Found this quote that kinda explains my perspective:
"If a company decides to rely on its GL policy to cover cyber losses the only certainty is that it will end up in a fight with its GL insurer"
Btw, I'm not an underwriter. I just used to program rating engines with ISO ERC data. I feel like I have a pretty decent grasp on how ISO decides to implement exclusions, so my comment was only to clarify from that perspective.
Viewing a single comment thread. View all comments