Coverage Considerations
Notice provisions remain a significant consideration for professional liability policyholders, particularly as technology E&O exposures continue to increase for clients that were not traditionally providers of professional services. Understanding the distinction between “claims made” and “claims made and reported” notice provisions may be critical as late notice is among one of the most common causes of claims friction with E&O policies.
Further complicating matters is the occasional inclusion of “occurrence” terminology within claims made and claims made and reported notice language, particularly with respect to technology failures or security issues that give rise to professional liability claims. The inclusion of such occurrence wording does not in and of itself convert these policies to occurrence-based forms, further underscoring the need for clients to understand the various nuances of notice obligations under their policy.
Insurers are reviewing their overall exposure to systemic, aggregated and correlated risks related to the software supply chain after the SolarWinds compromise. Several insurers are reviewing the breadth of coverage afforded for BI losses with a specific mind toward limiting their financial exposure to a systemic event in the following ways:
- Reconsidering waiting periods. In many cases, waiting periods had been negotiated to between six and eight hours (and in some instances removed entirely). The marketplace is beginning to push for waiting periods closer to 24 hours, such as those seen in the property marketplace.
- Limiting aggregate limit exposure, achieved through the reintroduction of sub-limits or requirement of coinsurance.
As loss ratios deteriorate, insurers closely review third-party vendor costs incurred to investigate and respond to cyber incidents. To reduce (or at least combat the increase in) these costs, many insurers demonstrate less flexibility in using non-panel or pre-agreed vendors.
In addition to more challenges related to the use of non-panel vendors — particularly if there was no discussion/vetting of the vendor before the vendor’s engagement for an incident — insurers are making fewer exceptions related to vendor rates. It is becoming increasingly common for insurers only to reimburse an amount equal to what the insurer would have paid a panel vendor.
Insurers are also scrutinizing BI coverage for non-IT service providers. At best, insurers impose heightened underwriting requirements with restricted cover (such as scheduled vendors only and/or sub-limits). At worst, some clients are experiencing removal of cover as certain markets seek to move away from this offering entirely.
Finally, the geopolitical landscape has resulted in myriad questions and concerns around how insurers will not only respond to cyber claims, but also whether insurers will revisit their approach to war exclusions and sanctions clauses in their policies. While there have not been uniform war exclusions in cyber policies to date, we continue to monitor whether any changes are forthcoming and whether any such changes result in a more fragmented approach to war exclusions.
“
As loss ratios deteriorate, insurers closely review third-party vendor costs incurred to investigate and respond to cyber incidents.
©2022 Aon plc. All rights reserved | Contact Us | Privacy Policy | Legal