As we touched upon in our April 2021 edition of Real Talk, technology is being incorporated more and more into buildings, with the phrase 'smart buildings' becoming common parlance in the sector.

Author: Tom Draper


Much of this technology is connected to a local area network if not the internet, meaning it is as vulnerable to hackers as any other piece of modern IT equipment. This article from Tom Draper, Technology & Cyber Practice Leader, explores where the line sits between property insurance and cyber cover, and what can be done to fill any potential gaps.

The background Following two major NotPetya and WannaCry ransomware incidents in 2016, where global property insurers suffered nearly USD3 billion of losses from these cyber-events1, global regulators and reinsurers insisted that all insurers should be taking steps to reduce the unintended exposures caused by non-affirmative or ‘silent’ cyber coverage in their policies.

Lloyd’s of London issued a directive to make sure all policies provide cyber insurance cover on an affirmative or non-affirmative basis, with no ambiguity for all first party property damage policies incepting on or after 1 January 2020, and included all types of property and terrorism insurance policies. This was echoed with other global insurers, such as AIG and AXA XL, following suit.

Scenario — Cyber property claim example

Whilst the reporting of such incidents is sporadic due to lack of specific regulation, one such example from a German steel mill2 provides an excellent case study. In this scenario, a hacker successfully infiltrated the systems of a German steel mill. Once the attackers had navigated their way from the corporate to the plant network, they altered critical process components resulting in a loss of control and eventual massive physical damage to the individual control system components. This kind of property loss would now be excluded following the changes in 2020.

How Gallagher’s Cyber team can help

Our Cyber team has been working with cyber markets to place cyber property damage specific policies for clients across a range of industries and sectors. These products enable a client to secure 'buyback' cover for now affirmatively excluded cyber events (Cyber Carveback Products). These carveback products can then be aligned with your traditional corporate cyber policy and your property damage policy to help ensure there are no gaps in coverage.

These products are able to cover:

  • Cyber Property Damage
  • Breach Response Costs
  • Privacy Regulatory Fines and Penalties
  • Security and Privacy Liability
  • Cyber Extortion Costs and Ransoms
  • Non-Physical Cyber Business Interruption, including IT Ecosystem Interruption.

Our Cyber team can assist you and/or your tenants with the quantification of their cyber risk. Using in-house analytics, we are able to empower organisations to select an effective risk transfer option, and to help ensure that there are no gaps between your cyber and property covers.

Author Information