Affirmative Cyber
Explicit, intentional cyber coverage written into a policy with clear terms, conditions, and limits for cyber-related losses.
What It Is
Affirmative cyber refers to insurance coverage that explicitly and intentionally addresses cyber risks with clearly defined terms, conditions, limits, and exclusions. This stands in contrast to silent cyber, where coverage for cyber events is ambiguous. Affirmative cyber can take the form of a standalone cyber liability policy or explicit cyber coverage endorsements added to traditional property, liability, or professional lines policies.
The movement toward affirmative cyber accelerated after Lloyd's Market Bulletin Y5258 in 2019, which required all Lloyd's syndicates to provide clarity on cyber coverage in all policies. Carriers must now either explicitly include cyber coverage with defined terms and limits or explicitly exclude it. This binary approach eliminates the ambiguity that led to costly coverage disputes under silent cyber.
Standalone cyber policies are the most common form of affirmative cyber, providing dedicated limits and comprehensive coverage terms. However, some carriers also offer affirmative cyber endorsements on property policies that provide limited cyber coverage (such as cyber-caused physical damage) within the property program, supplementing the standalone cyber policy.
Why It Matters for Brokers
Brokers should build every client's program around affirmative cyber coverage rather than hoping traditional policies might respond. Affirmative cyber provides certainty of coverage, defined limits, access to breach response services, and a clear claims process. As more carriers add cyber exclusions to traditional lines, clients without affirmative cyber face expanding gaps in their overall program.
Real-World Example
A broker reviews a mid-market manufacturing account and finds: the property policy added a cyber exclusion at last renewal, the GL policy excludes data breach claims, and there is no standalone cyber policy. The broker places a $3M standalone cyber policy at $18,500 annual premium, providing affirmative coverage for breach response, cyber BI, ransomware, and third-party liability. The client now has clear, defined coverage instead of relying on ambiguous policy language.
Common Mistakes
- 1Treating a cyber endorsement on a property policy as a substitute for a standalone cyber policy when the endorsement only covers cyber-caused physical damage and not data breaches or network liability.
- 2Failing to coordinate affirmative cyber coverage with cyber exclusions being added to traditional lines at renewal, creating timing gaps.
How brokerageaudit.com Handles This
brokerageaudit.com's Policy Checker maps affirmative cyber coverage across all policies in a client's program, identifying both standalone cyber policies and cyber endorsements on traditional lines. The system creates a unified cyber coverage summary showing exactly which cyber risks are covered, by which policy, and at what limits.