Insurers should move away from bundling in cyber protection with other lines given the pandemic-driven step-change in the complexity and size of potential risks, S&P Global Ratings says.

Existing property or liability policies often don’t explicitly include or exclude cyber, leading to the risk of “silent cyber” protection and potential claims where insurance was never intended.

“Even when the inclusion of cyber cover is explicit, a lack of transparency in both the policy’s definition of cyber events and its terms and conditions creates uncertainty about the scope of the cover,” S&P says.

“The importance of transparency and clear wording in policies became evident last year, when some insurers suffered reputational damage after rejecting policyholders' business interruption claims amid the pandemic.”

S&P says bundling cyber into traditional policies only muddies the waters, and the development of stand-alone products would reduce the problem by clarifying the scope of the cover.

“Even better would be the development of a stand-alone cyber line of business managed via a cyber centre of excellence,” it says in a report titled “Cyber risk in a new era: Let’s not be quiet about insurers’ exposure to silent cyber”.

A stand-alone focus would improve data collection and research and assist with risks management, S&P says.

“Despite the challenges, we believe that insurers have the flexibility to cautiously expand their cyber insurance, as long as they can support the growth in demand at a reasonable cost,” it says.

“Cyber insurance has the potential to become a growth driver for the industry and boost its reputation at the same time.”