1. Forms
2. CY
3. CY-20-14

What the form is

The CY 20 14 Computer Fraud endorsement is designed to be added to an ISO Commercial Cyber Insurance Policy, specifically for use with form CY 00 11 (Financial Institutions Information Security Protection Cyber Policy, though this form itself was slated to be withdrawn and its coverages potentially incorporated into newer forms like CY 00 03). Its primary purpose is to add a Computer Fraud insuring agreement to the main policy. This means it extends coverage to include losses resulting directly from computer fraud.

Classes of business it applies to

This endorsement is typically used for financial institutions that are susceptible to losses from fraudulent computer activities. Given its relation to CY 00 11, it would apply to businesses such as banks, savings institutions, securities brokers and dealers, insurance companies, finance companies, credit unions, and mortgage bankers. For example, if a bank's system is compromised through external hacking leading to fraudulent fund transfers, this endorsement, when attached to the appropriate policy, would provide coverage for the direct financial loss.

Special considerations

An important aspect of the CY 20 14 endorsement is that it does not introduce a separate sublimit of insurance for Computer Fraud. Instead, any coverage provided under this endorsement is subject to the overall policy aggregate limit of insurance. This means that losses covered under this endorsement will reduce the total amount of coverage available under the policy for all types of covered incidents. It's crucial for insureds to understand that this endorsement expands the types of covered losses but not necessarily the total insurance pool unless the aggregate limit is sufficient.

Key information for agents and underwriters

For agents and underwriters, the following points are key when considering the CY 20 14 endorsement:

• Compatibility: This endorsement is specifically designated for use with policy form CY 00 11. As ISO forms evolve, it's important to ensure that this endorsement is still current and compatible with the base policy being issued or if newer integrated solutions exist.
• Risk Assessment: The need for this endorsement highlights the insured's exposure to computer fraud. Underwriters should assess the insured's existing cybersecurity measures, internal controls, and potential vulnerabilities to computer-based fraud schemes.
• No Separate Sublimit: Agents should clearly communicate to clients that this endorsement does not create a distinct limit for computer fraud losses; these losses will erode the main policy aggregate limit. This could be a critical point in determining the adequacy of the overall policy limit.
• Pricing: The premium for this endorsement should reflect the increased scope of coverage and the specific risks of the insured financial institution related to computer fraud.
• Coverage Gaps: While this endorsement adds a specific insuring agreement, agents and underwriters should review the entire policy to identify any remaining gaps in cyber coverage, especially considering the evolving nature of cyber threats.