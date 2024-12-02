Mactavish, a company that advises organisations of all sizes on their insurance requirements, has recently launched a new Cyber Risk Consulting Practice. The study reviewed dozens of ‘off-the-shelf’ cyber insurance policies and identified seven significant common flaws:

Cover can be limited to events triggered by attacks or unauthorised activity – excluding cover for issues caused by accidental errors or omissions; Data breach costs can be limited – e.g. covering only costs that the business is strictly legally required to incur (as opposed to much greater costs which would be incurred in practice); Systems interruption cover can be limited to only the brief period of actual network interruption, providing no cover for the more significant knock-on revenue impact in the period after IT systems are restored but the business is still disrupted; Cover for systems delivered by outsourced service providers (many businesses’ most significant exposure) varies significantly and is often limited or excluded; Exclusions for software in development or systems being rolled out are common and can be unclear or in the worst cases exclude events relating to any recently updated systems; Where contractors cause issues (e.g. a data breach) but the business is legally responsible, policies will sometimes not respond; Notification requirements are often complex and onerous.

Mactavish has been closely involved with the project to reform commercial insurance law in the UK, an eight-year programme which culminated in the Insurance Act 2015, according to the official press release.