Why do smaller banks lean on Silent Cyber?


Walid Youssef, Deputy Head of Financial Institutions for Travelers Europe, explains how the evolving cyber risk landscape is leaving these institutions more vulnerable to cyber-attack.

Big banks have been buying dedicated cyber insurance for years. But unfortunately, this cover is tougher to sell to many small- to medium-size financial institutions. This hasn’t been true for professional services like law firms or engineering companies of different sizes. So why are smaller banks different?

They often assume they are sufficiently protected by “silent cyber” – the potential cyber protections contained within a traditional insurance policy. Although these policies are designed to cover non-cyber aspects of a business, a policy holder might still rely upon them to pay a cyber claim. For instance, a professional indemnity or civil liability policy might help cover cyber claims. But using cover in this way weakens the overall safety net, leaving less money available for what the policy is designed to protect.

What’s more, even if traditional insurance is used to cover a policyholder’s cyber breach, it often will not cover all costs associated with the event. A liability policy might cover a claim for a liability resulting from a privacy breach, but it won’t cover the costs of notifying individuals as required through GDPR, or of the IT forensic work a business would require to determine the extent of their breach. These post-breach services are often where cyber policies prove their value because the minutes and hours following a breach are the most critical in helping a business get back on track. Such support is central to stand-alone cyber policies but is not found in traditional cover.

Increasing awareness of the risks

It isn’t just the insurance industry pointing out these gaps in cyber protection. The UK government’s 2022 cyber security incentives and regulation report confirms that businesses are not going far enough to protect themselves from a breach or attack. The consequences are damaging: Among the 39% of businesses that identify breaches or attacks, one in five lose money, data or other assets. A cyber prevention framework that includes dedicated cyber insurance can help a business contain those losses and eliminate gaps in cover. As cyber risks evolve and financial institutions become more interconnected, having this protection will be increasingly important.

Some areas of the industry still have a false sense of security. As part of a regulated industry, financial institutions have generally had better cyber controls than businesses in other sectors – and a longer history with them. The financial services industry hasn’t been hit with as many ransomware claims as other industries have experienced in recent months. When the industry as a whole has yet to experience significant claims, it can be challenging to prove the value of standalone cyber insurance.

But the landscape is shifting. Ransomware, for example, started with stealing information but is now about preventing access to the insured’s critical systems, threatening to publish confidential information, and demanding multiple ransom payments in the process. The stakes are getting higher and businesses need a future-focused mindset when it comes to protecting against growing cyber risks.

As cyber threats evolve, so will insurance protection. Lloyd’s have previously voiced concerns that silent cyber poses unexpected risks to insurers’ portfolios, which will require insurers to take active steps to reduce ambiguities. We’re following the risk environment carefully so we can best support our broking partners in helping clients reduce the threats their businesses face.

The information provided in this document is for general information purposes only. It does not constitute legal or professional advice nor a recommendation to any individual or business of any product or service. Insurance coverage is governed by the actual terms and conditions of insurance as set out in the policy documentation and not by any of the information in this document


About Travelers

We wrote the first auto insurance, the first aircraft liability insurance, and even the first personal accident cover for astronauts.

In today’s fast-changing world, this  heritage of adventure really counts. With an extended network of underwriting, claims management, and industry experts in 125 countries, we’re here to insure your clients’ ambitions – no matter their size and scope. Our expertise and experience deliver policies that help them continue their journey.

With businesses facing ever more emerging and evolving issues, our suite of insurance products offers bespoke cover for each risk, and our commitment to genuine, caring partnerships means we’ll always be there to advise and support our clients and our broker partners, – whatever the future holds.

The Travelers Companies, Inc. (“TRV”) is a leading provider of property liability insurance for motor, home and business. The Group has more than 30,000 employees and operations in the United States, Canada, UK and Ireland.

The group has total assets of approximately $110 billion, shareholders’ equity of $26 billion and total revenue of $32 billion, as of December 31, 2019. Our European based operations offer our customers a wide range of coverage through Travelers Insurance Company Limited, Travelers Syndicate Management Limited (Syndicate 5000 at Lloyd’s), Travelers Underwriting Agency Limited and Travelers Insurance Designated Activity Company.