PII – Changes to Cover in respect of cyber liability

policy wording). The intention of this part of the extension is to provide first party costs for dealing with the aftermath of a Hacker Attack. For the reasons outlined above, Scheme insurers have confirmed they can no longer accommodate these cyber risks being written as part of a PI policy. As a result, for all policies renewing under our PI Scheme facilities from 1st November 2021 onwards, the existing extension will be removed and an exclusion for cyber risks shall be applied. This exclusion will follow an agreed market standard form, published by the International Underwriting Association (‘IUA’) which consulted with most of the established PI market in arriving at a standard position. In explaining the cover, they outlined some helpful scenarios to enable a practical understanding of the intention of the exclusion. It is important to highlight that the precise circumstances of the claim that you face will ultimately determine if (and to the extent that) the policy responds. They are nevertheless a useful starting point to consider the effect of the changes: Q. Would the PI policy cover insured losses from failure to give professional advice due to a ransomware event? Generally, yes, the failure to provide advice would be an intervening step, so this is an indirect result of a Cyber Act and therefore not excluded. Q. Would the PI policy respond to claims that there was a professional error in the advice provided due to corrupt professional software? The IUA suggest that the provision of professional advice following the corruption of the data by the software is an ‘intervening step’ and therefore the basis of the claim is the provision of advice, rather than corrupt software. They would therefore expect the PI policy to cover the claim. Q. I email confidential data to an incorrect third party, is there any PI cover? Here, the IUA distinguish between claims brought under ‘Data Protection Law’, which would be excluded, and claims brought by third parties in tort, or for breach of contract, which would not be excluded by this endorsement.

Q. My systems cause the spread of malware to my clients, is there any PI cover? The intent of the endorsement would be to exclude such claims.