Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyber Insurance

AIG Expands Coverage to Include Physical Damage Caused By Cyber Attacks

Insurance giant American International Group (AIG) announced on Wednesday that it has expanded its cyber insurance offering to include property damage and bodily injury that could be caused as a result of cyber attacks.

Insurance giant American International Group (AIG) announced on Wednesday that it has expanded its cyber insurance offering to include property damage and bodily injury that could be caused as a result of cyber attacks.

The new cyber offering is designed to provide its commercial customers a way to manage physical risks to their operations from cyber attacks and cyber security failures.

AIG Cyber Insurance“AIG’s expanded cyber insurance solution, CyberEdge PC, is a response to growing incidents and threats of cyber attacks directed at commercial industries that can lead to equipment failure, physical damage to property, and physical harm to people,” AIG said in its announcement. “It offers broad coverage limits and terms typically not available in stand-alone cyber data breach policies.”

As SecurityWeek columnist, Dr. Mike Lloyd, noted in a recent column, Lloyd’s of London has reportedly seen a big increase in requests for coverage, especially from SCADA industrial and power plants, but as they review applicants, they have refused most of them, due to the fact that assessments of the cyber-defenses in place concluded that protections were inadequate.

“In the last year or so we have seen a huge increase in demand from energy and utility companies,” Laila Khudari, an underwriter at the Kiln Syndicate, which offers cover via Lloyd’s of London, told the BBC.

“We would not want insurance to be a substitute for security,” she added.

AIG said that its new offering addresses coverage gaps in property, casualty, energy, aerospace, marine, environmental, healthcare, and financial lines policies, where cyber-related exposures may be excluded or coverage too limited.

CyberEdge PC supports the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity, AIG said.

Released in early 2014, the framework is designed to help companies in critical infrastructure industries strengthen cyber risk management programs to protect information and physical assets from cyber attack.

“Cyber risk goes well beyond data privacy concerns covered by stand-alone cyber insurance offerings prevalent in the market,” said Tracie Grella, Global Head of Professional Liability at AIG.”The physical risk of a cyber attack or cyber event to property and people is very real, and it can now be specifically and unambiguously addressed with expanded cyber insurance coverage that dovetails with existing insurance.” 

As part of the offering, customers receive access to AIG’s 24/7 hotline for support during a cyber event, risk mitigation tools and services, specific property and casualty cyber underwriting expertise, dedicated claims handlers, and the expert services of attorneys and other vendors that specialize in handling cyber-related events.

CyberEdge PC is an extension of AIG’s CyberEdge product line, which has been providing stand-alone insurance coverage since 1999 to help customers manage risks associated with data breaches by covering costs of forensic investigations, credit monitoring, reputation management, business interruption, and compliance with state breach notification laws. 

Related: Cyber Risks Can Cause Disruption on Scale of 2008 Crisis: Study

Related: When Your Insurer Says “Um, No” to Cyber Protection

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.