Cyber war exclusions “could become a disputes area” for cyber insurance claims, according to Charles Cowan, partner at Drinker Biddle, where these “require a hostile act by a foreign government”, as state-sponsored cyber-attacks are reportedly rife, but usually impossible to prove either way.
“It’s being talked about,” noted Cowan. “Everyone’s aware of these war exclusions.”
There were some illuminating insights into emerging risk areas for re/insurers, offered by partners at law firm Drinker Biddle & Reath, in an event at Lloyd’s this week.
Reinsurers should be paying increased attention to cyber, he warned, owing to their trend for taking on increased treaty bundling of policies across risks and geographies, with little heed to underlying cyber risk within the forest of broader liabilities.
“Reinsurance treaties are far too broad,” said Cowan. “The reinsurers are just not being careful enough, and they could face more claims in the next few years from this underlying aggregate risk.”
Turning to cyber risk in the marine sector, he also warned against a hypothetical cyber hack scenario, in which hackers can penetrate the navigational systems or propulsion of a large cargo vessel while transiting a vital trade artery such as the Panama Canal.
Gaining access to the ship’s systems, they could then extort cash in return for handing back control of the vessel, he pointed out.
The recent Anthem healthcare data cyber hack at Anthem spent all $150m of insurance coverage just on the process of notifying all customers involved and basic initial mitigation steps, noted Cowan.
“That’s before liability costs,” he noted.
There is a push to create one notification standard by the US Federal government, encountering typical kickback from US state legislatures, he noted, with the focus currently on 48 days.
For Target’s cyber breach, the company had $100m of coverage, said Cowan, of which $90m had been used up by August 2014, despite ongoing fallout.
“Companies are claiming to understand cyber risk but really there’s much more capacity than there is take up,” said Cowen. “They’re also sceptical about whether insurance companies will pay, so it’s a trust issue,” he added.
Smaller start-up businesses, in particular those who might work from home, are at legal risk by their storage of customers’ credit card details, he noted.
AIG had recently purchased an in-house cyber security firm, he noted, while insurers needed to do more to increase awareness.
Drones were another emerging risk and opportunity for insurers, noted Cowan.
At present, 80% of US commercial market for unmanned aerial systems (UAS; drones) comes from agriculture – whether crop spraying, pollination or surveying of erosion.
Drones would provide $82bn to the US economy by 2025, noted Cowan, with increasing attention paid to airspace rulings about their use.
Amazon is in talks with the US Federal Aviation Authority (FAA), said Cowan, over a possible exemption to rules that drones can only be used in line of sight visible to their operator – one barrier to their potential use for deliveries.
“We’re probably going to see exemptions,” he suggested.
State level rules are also crucial for would-be drone underwriters. California, for example, has strict speed limits of 20mph for drones flying within the state.
Safety concerns about drone use are paramount, noted Cowan, spilling into cyber when talk shifts to whether they could be sabotaged or hijacked for malevolent ends.
Lack of data, unclear operator standards and lack of industry standards are all problems for underwriters considering writing drone risk – whether under the guise of aviation, agriculture or other liability type policies.
“From an insurance perspective, where is this capacity going to rest,” asked Cowan. “Aviation makes sense, but UAS are not regulated like normal aircraft.”
Returning to earth, Drinker Biddle partner Andrea Best commented on the growing trend for autonomous vehicles, and the opportunities and risks associated with them.
By 2040, 75% of vehicles in US will be capable of driving autonomously, she noted, citing the US Institute of Electrical and Electronics Engineers.
Tests by Google suggested a 90% reduction in accident rates, with only 12 accidents in Google’s 1.7m miles driven autonomously – none of which were reportedly the Google car’s fault.
While other advantages of autonomous driving include convenience, fuel efficiency and mobility for disabled drivers, there are notable barriers to the trend taking off.
Sensors, for example, will need to be created and installed not just on the cars themselves but on the roads and infrastructure to allow the cars to function, she suggested, with accompanying demand for new insurance risks.
While most US legislation is coming from state level, suggested Best, federal regulator the National Highway Traffic Safety Administration released a preliminary policy statement in 2013.
On car sharing trends, increasingly popular from environmental and financial perspectives, Best noted that there is a considerable risk of drivers becoming un-insured because of exclusions in their policies, with knock on potential to develop new policies taking the trend into account.
The focus in this area is currently legal, she noted, around the development of nascent legislative and regulatory frameworks.
At least 35 US states are looking to legislate in this area, said Best.
“US states are looking to pass laws to prevent motor insurance exclusions leaving drivers uncovered,” said Best, suggesting insurers’ motor liability risks may change whether they like it or not.
By David Benyon - firstname.lastname@example.org
Would you prefer your re/insurance insights live? Reactions editor David_Benyon was live tweeting from this event.