CL380 clauses often a problem

Cyber risk

Uncertainty around cyber exclusion clauses is eroding the value of insurance and worrying global energy firms, according to Marsh.

CL380 clauses, which are currently imposed across a broad range of energy insurance policies, means that insurers may deny energy firms’ claims for physical loss or damage stemming from cyber-related incidents, regardless of whether the motivation is accidental or malicious.

Marsh Global Energy Practice chairman Andrew George said: “Energy clients remain perplexed and frustrated by the insurance industry’s stance on CL380 clauses.

“So far, the insurance industry’s stance remains largely untested; the global energy sector has not experienced physical damage to facilities or disruption to supply that has been attributed to a cyber-related event, which is testament to its aggressive approach to risk management.

“However, the current situation is clearly unsustainable. A cyber-related incident could potentially have catastrophic consequences. Insurers must deliver innovative products that offer coverage which responds to the changing risk profile of the energy industry, not only to stay relevant, but to help their clients continue to be successful.”

In its latest Energy Market Monitor, Marsh said that as well as the threat of cyber terrorism, the key risks facing the global energy sector include rapid change in the geopolitical environment and the deployment of large scale projects.

But insurance capacity for energy firms has remained largely buoyant this year, due to the continued lack of a market-changing event and the arrival of new entrants to increase competition, Marsh said.