Insurance Day is part of Maritime Intelligence

This site is operated by a business or businesses owned by Maritime Insights & Intelligence Limited, registered in England and Wales with company number 13831625 and address c/o Hackwood Secretaries Limited, One Silk Street, London EC2Y 8HQ, United Kingdom. Lloyd’s List Intelligence is a trading name of Maritime Insights & Intelligence Limited. Lloyd’s is the registered trademark of the Society Incorporated by the Lloyd’s Act 1871 by the name of Lloyd’s.

This copy is for your personal, non-commercial use. For high-quality copies or electronic reprints for distribution to colleagues or customers, please call UK support +44 (0)20 3377 3996 / APAC support at +65 6508 2430

Printed By


Cyber insurers must ‘take note’ of Covid mistakes

'Insurers and their lawyers knew they never intended on picking up Covid but their customers did not and this did not play well in court,' MGA's James Burns says

Making exclusions too complicated and too specific might not help insurers exclude unknown systemic risks, CFC’s head of cyber strategy warns

Cyber insurers need to “sit up and take note” of the mistakes made during the coronavirus pandemic when trying to exclude unknown systemic risks, an executive at managing general agent (MGA) CFC Underwriting said.

James Burns, head of cyber strategy at the firm, said cyber underwriters needed to avoid making exclusionary wording too complicated or too specific, pointing out that UK courts have largely found in favour of customers in disputes over Covid-related business interruption claims.

“Insurers and their lawyers knew they never intended on picking up Covid but their customers did not and this did not play well in court,” Burns said.

In trying to exclude systemic infectious disease-related business interruption claims, insurers made language “specific to the scenario they were envisioning… and not the scenario that ended up happening [meaning] Covid essentially slipped between the cracks in the policy wording,” Burns said.

He continued: “The cyber market, in my opinion, should sit up and take note because the list of complex systemic risk exclusions at the back of cyber policies is long and growing.

“They tend to be scenario-specific, which can create gaps. They use highly technical language, making them difficult to understand particularly for policyholders. Many brokers and underwriters, yet alone policyholders, can struggle to pinpoint where cover starts and stops.”

War exclusions were a prime example of this, according to Burns. While he stressed recent updates to such exclusion were generally positive, they were also now more detailed and specific, which “can be a dangerous development for insurers if Covid experience is anything to go by”.

As a solution, Burns announced the launch of the UK Cyber Monitoring Centre, which CFC is proposing as an independent cyber catastrophe rating agency.

CFC initially set out its plans for a cyber ratings agency, mirroring similar structures for categorising hurricanes in the US, in December last year.

The MGA had since formed the Cyber Monitoring Centre as a distinct legal entity separate from CFC and is targeting a go-live data of January 1, 2024, Burns said. 

Related Content





Ask The Analyst

Ask The Analyst - Ask Your Question Send your question to our team of expert analysts. You can: • Ask for background information on/explanation of articles in Insurance Day * • Find out more about our views on industry developments • Ask for an interpretation of market trends • Source supplementary data relating to articles • Request explanations to further your understanding of current issues (* This relates to any Insurance Day that is included as part of your subscription) We will do the research and get back to you personally with the information you need.

Your question has been successfully sent to the email address below and we will get back as soon as possible. my@email.address.

All fields are required.

Please make sure all fields are completed.

Please make sure you have filled out all fields

Please make sure you have filled out all fields

Please enter a valid e-mail address

Please enter a valid Phone Number

Ask your question to our analysts