Cyber risks are gaining greater significance on boardroom agendas. However, computer crime is not new. In 1978, a computer consultant stole over $10m from Security Pacific Bank by electronic transfer – the world's first major computer crime. The Lloyd's market responded to this new risk by issuing the first "Electronics and Computer Crime" insurance policy ("ECC") in 1982 - arguably the oldest "cyber" product in the market.
ECCs typically provide coverage for financial losses caused by computer system frauds, payment or transfers resulting from fraudulent computer instructions, loss of data and electronic media, computer viruses, and forged communications.
The electronic risks faced by financial institutions in the 1980s are far removed from those faced today. The use of computers, smart phones, and other electronic devices has changed dramatically over the past few decades and continues to do so.
ECC wordings may not be suitable for all of the electronic risks faced by today's financial institutions. For example, what devices are considered to be computers? Are smart phones or tablets included? What about BYOD? What activity constitutes a crime? Would the activities of rogue employees be covered? Insurers should also keep proposal forms relevant and seek details of the Insured's current IT standards, certifications, audits and practices.
Latin America offers huge opportunities for cyber insurers, though take-up remains slow, due in part to a limited awareness of cyber risks. However, computer crime remains high on the boardroom agenda of most financial institutions. Care should be taken to ensure that the policy wording is appropriate to the ever-changing technology relied on by those institutions, and the increasing sophistication of those who wish to do them harm.