Munich Re’s top cyber underwriter told Reuters that the reinsurer is planning new wording in cyber insurance policies to exclude war in order to avoid disputes over what is covered.
Russia’s invasion of Ukraine has heightened concerns about cyber attacks, with the possibility of targeting Western businesses or government institutions.
Most cyber policies protect businesses against business interruption losses and the repair of hacked networks as a result of a cyber attack, but they do not cover war. However, ambiguities in the language leave insurers vulnerable to cyber-warfare claims.
According to S&P Global, insurance losses from the Ukraine conflict could total $35 billion, with cyber insurance being one of the most vulnerable.
Based on wording developed last year in the Lloyd’s of London market, Munich Re is seeking clearer war exclusion clauses in cyber policies.
The invasion of Ukraine was not a “classic cyber war,” according to Juergen Reinhart, chief underwriter, cyber, at Munich Re, but he advised being prepared.
“Let’s not wait…act let’s right now.”
Munich Re announced last month that it was ceasing operations in Russia.
According to Reuters, AIG, one of the world’s largest commercial insurers, is considering reducing coverage for Russia and Ukraine.
Reinhart stated that Munich Re was looking to add new wordings to its direct cyber insurance products. The reinsurer also advised its cyber insurer clients to implement similar provisions.
In the last two years, ambiguous business interruption policy wordings have resulted in a slew of court cases around the world over whether or not the COVID-19 pandemic was covered by insurance.
“We learned this lesson as an industry during the pandemic – how painful it is to have unclear wordings,” Reinhart said.
“Our goal is to have very, very clear wording…and to avoid surprises.”
Clarity, according to Julia Graham, chief executive of the UK insurance buyers’ association Airmic, is required.
“There has been a lot of uncertainty among Airmic members regarding war exclusions, particularly for their cyber policies,” she explained.
“The market’s lack of standardized policy wordings on cyber has certainly not helped things.”