The market for cyber business interruption cover is complex and the protection offered by different policies can vary widely, according to a new report from the International Underwriting Association.
Most current business interruption coverages are standalone policy extensions, the triggers for which are separately defined in the contract wording. There are many such potential triggers including, for example, unauthorised access to a network, cyber extortion or system failure.
In the new report from the IUA’s Cyber Underwriting Group, companies are warned that not all triggers are included in every policy and that it is important, therefore, to perform an effective risk assessment before considering coverage options. Titled ‘Cyber Insurance and Business Interruption’ the report discusses how business interruption policies may respond to cyber incidents compared to more traditional classes of business.
Matthew Hogg, Chairman of the IUA Cyber Underwriting Group, said: “The continued education of businesses about cyber risk exposures is an essential task, both at an operational risk management level and in the boardroom.
“As cyber is a relatively new and continually developing area of insurance the range of different cover available can be quite extensive. It is not available as standard across the market and so requires a discussion between clients, brokers and underwriters to ensure that policy wordings meet business needs and will respond appropriately in the event of a loss.”
Among the issues discussed in the IUA’s report are the period of loss covered by policies, how they may calculate loss of revenue, waiting periods and deductibles and methods for measuring the period of interruption. The document, produced in association with RGL Forensics, also considers contingent cyber business interruption. Copies are available from www.iua.co.uk/cyberbusinessinterruption.