IUA highlights post-transaction cyber insurance risks

Warranty and indemnity insurers may be over-reliant on cyber insurance, a new report from the International Underwriting Association has warned. While cyber risks pose an increasingly potent threat in the context of mergers and acquisitions, there may be critical coverage gaps that underwriters need to consider more carefully.

The report, Cyber Risks and Warranty and Indemnity Insurance Underwriting: Do you understand your cyber exposure?, suggests that many cyber insurance policies automatically end cover when a transaction completes and often allow only a short claims reporting period despite cyber incidents frequently remaining undetected for a much longer period.

The IUA warns that W&I insurance could therefore become the primary or only source of protection for cyber-related warranty breaches.

Faye Hepburn, underwriting and claims executive at the IUA, said: “Cyber risk has evolved into a material underwriting consideration in warranty and indemnity insurance. The central finding in our new report is stark: the mere existence of a cyber insurance policy tells underwriters little about whether that coverage will respond after the closing of a transaction.

“This coverage gap can be compounded by market realities with risk analysis in practice rarely extending to penetration testing or technical validation. There must be a move beyond passive reliance on standard cyber policies and active interrogation of the nature and extent of any cover in place.”

The report provides practical guidance on assessing cyber exposure, policy wording and underwriting good practice.

The IUA's Transactional Liability Committee, which published the paper, was established in 2024 to promote good practice and improve understanding of transactional liability insurance.



Share Story:

YOU MIGHT ALSO LIKE


Resilience Rooted in Reality
In this podcast, CIR speaks to CLDigital’s Tejas Katwala about why organisations must move beyond checklist compliance to build living, data driven resilience. He explains how rethinking governance, risk and compliance, breaking down silos and focusing on value streams can create sustainable, real time resilience that is rooted in the way businesses actually operate today.

Building cyber resilience in a complex threat landscape
Cyber threats are evolving faster than ever. This episode explores how organisations can strengthen defences, embed resilience, and navigate regulatory and human challenges in an increasingly complex digital environment.