Cyber business interruption risks should receive the same level of attention as that given to information technology security controls and ransomware threats, a new report by the International Underwriting Association has stated.
Research conducted by the market body in association with Baker Tilly analyses claims experiences from the last few years. It concludes that whilst understanding of cyber business interruption has come a long way, there is still work to be done to improve the claims experience for both insurers and policyholders.
Helen Dalziel, Director of Public Policy at the IUA, said: “The cyber insurance market has handled a significant increase in business interruption claims in recent years, both in terms of volume and value.
“In 2024 alone we have seen the Change Healthcare, CDK and CrowdStrike events, highlighting the importance of cover for such risks and the threat of systemic risks. Our new report seeks to identify the challenges that arise when calculating cyber business interruption losses and how they can be addressed in future.”
Ben Hobby, Principal at Baker Tilly, said: “We are delighted to again collaborate with the IUA in helping to share some of the experiences and knowledge we have learned from the cyber claims that we have handled.
“Business interruption cover is a critical part of a cyber insurance policy and can be a significant part of any claim settlement. We therefore consider it critical to the cyber insurance market’s continued success to share these experiences so that cyber business interruption and the resulting financial exposures are better understood.”
The IUA’s Cyber Underwriting Group first published a Business Interruption report in 2018 which provided an overview of the subject and the principles of how a loss would be calculated. The new updated publication for 2025 is freely available to download at iua.co.uk/cyber.
