The new European President for Berkshire Hathaway Specialty Insurance, formerly Lloyd’s performance director, Tom Bolt, has commented that insurers are becoming increasingly aware of the cyber risks they may be exposed to through writing other classes of business. Bolt was speaking at the Verisk Risk Symposium, and stated that the development of a common language for cyber exposures and losses would be an important part of product development across the London market.
In his role at Lloyd’s, in November 2015, Bolt oversaw the launch of a market wide assessment of syndicate exposures, which required each syndicate to report its cyber exposures across all classes of business. The assessment was part of a goal to develop an oversight framework for cyber, with the market targeting structured processes for understanding cyber attack exposures by class of business which will form part of syndicates’ formal risk management frameworks. In addition, all syndicates had to submit a risk appetite for cyber attack business signed off by their boards. Lloyd’s, in collaboration with the Lloyd’s Market Association (LMA), is working towards developing probable maximum loss methodologies for cyber exposures by class, which will be fed into the development of new realistic disaster scenarios. In January, Lloyd’s announced that common core data requirements for cyber risks have been agreed through modelling firms AIR Worldwide and RMS and the Cambridge Centre of Risk Studies.
Although the majority of policies written in the London market address cyber risks, many US policies are silent on it, containing no language to either exclude or cover cyber risks. The extent to which cyber exposures may be covered by policies without underwriters realising it may be far more widespread than underwriters might think.