BOOK REVIEW - CYBER RISKS INSURANCE: LAW AND PRACTICE
Senior Lecturer, University of Exeter
CYBER RISKS INSURANCE: LAW AND PRACTICE. Celso de Azevedo, solicitor advocate, barrister, attorney (New York). Sweet & Maxwell, London (2019) xxxii and 284 pp,
plus 104 pp Appendices and 4 pp Index. ISBN 978-0-414-07034-9. Hardback £160.
Insurance is concerned with risk but that truism may obscure the fact that the prime concern is the financial consequences of risk. The ability to predict and to rate risks and the fallout is of particular concern in the context of cyber insurance. This “adolescent” operates in the mature adult world of insurance and is understandably posing some challenges as it finds its place in that world. In particular, there are concerns that: there is no generally accepted definition of “cyber event”; the data upon which insurers are able to rate risk are limited; and from the insured’s perspective the valuation of the assets affected is not as easily done as compared with loss of tangible assets. Moreover, cyber-attacks are entirely the outcome of human malice and such malice may be global in origin and in any event is constantly evolving. A great deal of the cover currently in existence appears to be “silent”, that is to say, embedded within more traditional cover. For the latter there are contractual construction arguments lying in wait, most notably as to the scope of cover such as “all risks” and as to the operation of exceptions such as war, terrorism and other hostile activity. The line between losses that are tangible and those that are intangible becomes particularly acute in the context of cyber insurance. Unsurprisingly then, cyber risk is one of the global challenges of particular concern to banks, governments, health service providers, universities and a wide range of commercial activities that are heavily reliant on IT. In a recent global survey of risks, Aon listed cyber-attack and data breach as the sixth-top risk; in the USA it is apparently the top risk of concern and in Europe it is currently rated eighth. The publication of this text is therefore particularly timely.
The author, as a solicitor/partner with legal practice in this area, is very well placed to provide prescient guidance in this specialist if not niche market. He is clearly well informed and knowledgeable as to current market practices and the challenges felt by those operating in insurance markets. The stated aim is to provide a guide to current law and practice. The strength of this text would appear to lie mostly in terms of the latter, because the bulk of the work is directed to mapping current policy wording and market practices across a range of commercial settings. Legal analysis takes something of a back seat to the market survey described (as to which, see, in particular, the 23 appendices illustrating typical policy wording). Legal analysis and predictions on the likely answers to legal issues are more limited; there are, for example, scant predictions or analysis as to the impact of the Insurance Act 2015, s.11 on policy terms; and there are relatively few footnote references to case law or to academic and practitioner commentary. Detailed analytical commentary may be something of a tall order, if only because much depends