1. Forms
2. CY
3. CY-20-20

What the Form Is

The CY 20 20, titled "Additional Insured – Designated Person or Organization" (or "Designated Person or Entity" in later editions), is an endorsement used with ISO Commercial Cyber Insurance policies. Its primary function is to extend coverage under the policy to a third party (the designated person or organization) who is not the named insured. This endorsement is typically used to protect the additional insured from liability that arises specifically from the wrongful acts of the named insured or those acting on the named insured's behalf, within the scope of their duties. The coverage granted to the additional insured is often limited to vicarious liability and subject to the terms and limits of the policy and applicable law.

Classes of Business It Applies To

This endorsement can be used across various classes of business that carry a Commercial Cyber Insurance policy. It becomes particularly relevant in situations where the named insured has a contractual agreement requiring them to add another party as an additional insured. Examples include:

• Vendors and Service Providers: A company (named insured) might use a third-party vendor for data processing, cloud storage, or IT managed services. The vendor might require the company to add them as an additional insured on the company's cyber policy to cover the vendor for claims arising from the company's cyber incidents that impact the vendor.
• Clients: A technology solutions provider (named insured) might be required by a major client to be named as an additional insured on the provider's cyber policy for liabilities stemming from the provider's services.
• Business Partners: Companies engaged in joint ventures or strategic partnerships where data and systems are shared might use this endorsement to protect one partner from the cyber-related wrongful acts of the other.

Special Considerations

Several important points need to be considered when using the CY 20 20 endorsement:

• Scope of Coverage: The coverage for the additional insured is not as broad as the coverage for the named insured. It is typically limited to liability specifically resulting from the named insured's actions or inactions. It's crucial to review the specific insuring agreements that are extended to the additional insured, as these can be scheduled on the endorsement.
• Contractual Requirements: The need for this endorsement often arises from contractual obligations. The terms of the contract should be carefully reviewed to ensure the endorsement satisfies the requirements.
• Proprietary Forms: While CY 20 20 is an ISO form, many insurers offering cyber liability coverage use their own proprietary forms or modify ISO forms. It is essential to scrutinize the specific language of the additional insured endorsement being used by the insurer to understand the exact scope of coverage, any limitations, or exclusions that might apply to the additional insured.
• Wrongful Acts: Coverage is contingent on the loss being caused by the named insured's "wrongful acts" or those acting on their behalf. The definition of "wrongful act" in the main policy form will be critical.

Key Information for Agents and Underwriters

Agents and underwriters should pay close attention to the following when dealing with the CY 20 20 endorsement:

• Risk Assessment: Underwriters need to assess the relationship between the named insured and the proposed additional insured. The nature of this relationship and the potential for the additional insured to be drawn into claims stemming from the named insured's cyber incidents will influence the underwriting decision and potentially the pricing.
• Defining the Designated Entity: Ensure the person or organization to be added is clearly and accurately designated in the endorsement schedule.
• Coverage Gaps: Agents should explain the limitations of the coverage provided to the additional insured. The additional insured should understand that this endorsement does not cover their own direct cyber liability arising from their own separate wrongful acts.
• Underlying Policy Terms: All coverage provided by this endorsement is subject to the limits, conditions, exclusions, and other terms of the underlying cyber insurance policy.
• Premium Implications: Adding an additional insured might have premium implications, depending on the insurer's underwriting guidelines and the perceived increase in risk.
• Alternative to Own Insurance: This endorsement is not a substitute for the additional insured having its own comprehensive cyber insurance policy.