Non-Marine Cyber Case Study: Creating comprehensive risk protection for global industries

Chaucer’s non-marine cyber policies provide coverage for first- and third-party cyber losses including physical damage, data privacy breach, ransomware/extortion events and business interruption as a result of cyber events.

We are able to offer a CZ property damage line size of up to $30m and a traditional privacy CY line size of up to $15m.

Our areas of expertise include significant infrastructure industries such as energy, mining, agriculture, property, construction, manufacturing, defence and financial institutions.

Chaucer’s Cyber Centre of Excellence

Our team is a diverse and expert range of cyber professionals with over 55 years’ collective experience in insurance, government defence and cyber consultancy.

This niche experience allows us to look at each individual risk on its own merits and provide a tailored cyber insurance policy suitable to the needs of the business.

We understand that cyber threats are not just hyped conspiracies but can emerge due to a lack of awareness and training within clients’ own companies, and may involve tangible, real-world actors aiming to disrupt, destroy, and deny networks for financial gain or malicious intent.

Our Centre of Excellence, led by cyber security specialist Christopher Norwood, is focused on establishing threat intelligence, training, thought leadership, and developing our first-in-class panel of incident response capabilities for our insureds.

Learn more in our Q&A with Chris, here.

The problem

Disruption, damage, and general cyber vulnerabilities are now everyday risks for all businesses and are particularly critical for those which rely on computer operated machinery, guidance, sales or booking systems.

The public and large-scale nature of infrastructure projects such as energy supply, transportation and manufacturing mean the smallest of attacks or outages can lead to critical outcomes for a broad range of stakeholders.

Significant events include:

• 2024: Software manufacturer CDK Global suffered a ransomware attack by the BlackSuit group which disrupted over 15,000 car dealerships across North America, leading to significant operational, financial and customer service challenges.
• 2024: Romanian energy supplier Electrica Group were hit by a ransomware attack. Although critical electricity management systems were unaffected, the initiation of safety protocols led to operational disruptions, underscoring how necessary prioritisation of human safety can result in unavoidable operational impacts.

How do we approach risk assessment of clients?

When assessing new risks, we look at a client’s approach to fundamentals of cybersecurity, exploring whether their cyber hygiene is sufficient to identify, triage, react to and mitigate evolving cyber threats.

We consider whether clients have their own internal resilience at a governance level and can respond quickly to the operational disruption and the privacy impact of a cyber event, beyond the initial cyber triage response.

For example, do clients understand and monitor emerging threats and what are their third-party dependencies? This is considered at a system level for software, hardware, and cybersecurity provisions, but also more physical interdependencies such as parts manufacturing, fuel, logistics.

We work closely with clients to understand their threat landscape, mitigate their risk, and improve their resilience.

What do Chaucer’s cyber products offer?

Our coverage indemnifies insureds for a broad range of impacts following both malicious and non-malicious cyber events. This could include physical damage and consequential business interruption, data breaches, regulatory action, responding to ransomware events, as well as providing broader support from an Incident Response perspective.

Available coverage includes:

• Cyber Property Damage, Business Interruption, Extra Expenses and Debris Removal.
• First Party Expenses including Incident Response Costs, Forensic Expenses, Notification Expenses, Legal Expenses, Public Relations Expenses, Cyber Extortion and Ransomware Incident Expenses.
• Third Party Expenses including Privacy and Confidentiality Liability, Data or Software Liability, Electronic Media Liability and PCI-DSS cover.
• Business Interruption and Contingent Business Interruption Loss, including following a Voluntary Shutdown.
• Sector specific cyber specialists to respond to marine and non-marine cyber incidents.

Collaboration

We work with a range of approved specialist suppliers who assist with legal counsel, incident response management, investigation and adjusting.

Our Cyber Centre of Excellence also works collaboratively internally with the Energy, Property and Marine divisions to develop bespoke insurance solutions. It provides specialist Cyber services including security training and awareness sessions for clients who wish to make their cyber security practices more robust.

Claims Management

Real-time Incident Response utilises Chaucer’s existing in-house dedicated cyber claims professionals.

Insureds receive specialist advice on Crisis Management, Incident Response, software adjustments and replacements, cleansing, reinstatement, and reprogramming.

Chaucer’s Cyber team also maintains a close relationship with third party cyber insurance claims experts to ensure incident response is as efficient as possible.