ARTICLE
A new insurance headache, the end of silent cyber T
he recent round of Professional indemnity policy renewals has again seen increases of average premium between 15 -20% and this follows hard on the heels of similar increases in previous rounds as the current hard market continues. There is little appetite from insurers to enter the market and the figure for the average increase is of little comfort to those with a poor claims record who may have suffered much bigger increases. The premiums in the layers of cover above the primary layer of £2/3m have been even more expensive. There is no sign of respite, and another potential source of increased cost is coming into sight. The Prudential Regulatory Authority (PRA) and Lloyd’s of London (Lloyd’s) have required insurers to put in place action plans to reduce unintended or unclear cyber exposures. This is to provide greater assurance that the risk of cyber losses are being properly managed and priced in premiums as the risk of attacks on individuals and businesses has increased. As a result, and following consultation and long and technical debate the SRA has announced a new clause that will be added to the minimum terms and conditions of law firms’ professional indemnity insurance (PII) policies. The SRA application to the LSB states: ‘We previously consulted on whether these consumer protections remain appropriate, most recently in 2018. At that time, we proposed a package of changes, including lower indemnity limits. Following the consultation, we decided not to proceed with these changes, because we were keen to avoid unintended consequences in a
6 | The Bill of Middlesex
hardening market and where we could not be confident that the intended benefits would be realised. In that context, we said we would monitor the efficacy and impacts of our insurance arrangements. As part of this monitoring, we, as with other legal regulators, were made aware that the MTCs could be made clearer in respect of situations where law firms are subject to a cyber-attack’. New wording has been put forward designed to end ‘silent cyber’ and make clear what cover will be provided for cyber losses within the SRA standard minimum terms. Whether it will do so is not free from doubt. The objectives are to clarify the position and to: ■ maintain the current position on level of protection for consumers intended by our MTCs in the event a cyber-attack resulting in loss ■ provide clarity for insurers and law firms as to the necessary scope of cover for cyber risks that should be included in a PII policy ■ put law firms in a more informed position when reviewing the potential benefit of purchasing a separate cyber policy for other risks. The wording has been submitted to the Legal Services Board (LSB) and awaits final approval with the stated intention that it should be in place for any insurance renewals from early 2022 onwards.
