Insurance giant American International Group (AIG) announced on Wednesday that it has expanded its cyber insurance offering to include property damage and bodily injury that could be caused as a result of cyber attacks.
The new cyber offering is designed to provide its commercial customers a way to manage physical risks to their operations from cyber attacks and cyber security failures.
“AIG’s expanded cyber insurance solution, CyberEdge PC, is a response to growing incidents and threats of cyber attacks directed at commercial industries that can lead to equipment failure, physical damage to property, and physical harm to people,” AIG said in its announcement. “It offers broad coverage limits and terms typically not available in stand-alone cyber data breach policies.”
As SecurityWeek columnist, Dr. Mike Lloyd, noted in a recent column, Lloyd’s of London has reportedly seen a big increase in requests for coverage, especially from SCADA industrial and power plants, but as they review applicants, they have refused most of them, due to the fact that assessments of the cyber-defenses in place concluded that protections were inadequate.
“In the last year or so we have seen a huge increase in demand from energy and utility companies,” Laila Khudari, an underwriter at the Kiln Syndicate, which offers cover via Lloyd’s of London, told the BBC.
“We would not want insurance to be a substitute for security,” she added.
AIG said that its new offering addresses coverage gaps in property, casualty, energy, aerospace, marine, environmental, healthcare, and financial lines policies, where cyber-related exposures may be excluded or coverage too limited.
CyberEdge PC supports the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity, AIG said.
Released in early 2014, the framework is designed to help companies in critical infrastructure industries strengthen cyber risk management programs to protect information and physical assets from cyber attack.
“Cyber risk goes well beyond data privacy concerns covered by stand-alone cyber insurance offerings prevalent in the market,” said Tracie Grella, Global Head of Professional Liability at AIG.”The physical risk of a cyber attack or cyber event to property and people is very real, and it can now be specifically and unambiguously addressed with expanded cyber insurance coverage that dovetails with existing insurance.”
As part of the offering, customers receive access to AIG’s 24/7 hotline for support during a cyber event, risk mitigation tools and services, specific property and casualty cyber underwriting expertise, dedicated claims handlers, and the expert services of attorneys and other vendors that specialize in handling cyber-related events.
CyberEdge PC is an extension of AIG’s CyberEdge product line, which has been providing stand-alone insurance coverage since 1999 to help customers manage risks associated with data breaches by covering costs of forensic investigations, credit monitoring, reputation management, business interruption, and compliance with state breach notification laws.
Related: Cyber Risks Can Cause Disruption on Scale of 2008 Crisis: Study
Related: When Your Insurer Says “Um, No” to Cyber Protection
