Business interruption coverage is a standard coverage part in comprehensive Cyber Risk Insurance policies and has become a critical financial protection from ransomware attacks. You expect business interruption in a property policy, and likewise you should expect it in a Cyber Risk Insurance policy. But some Cyber Risk Insurance policies do not include much, if any, business interruption coverage, and the coverage that is provided varies.
Business interruption coverage has become more important as the frequency of ransomware attacks has spiked and resulting operational disruptions have become more frequent (here). In addition, these operational disruptions have become more severe. A severe operational disruption, a likely outcome of a successful ransomware attack, can have significant financial consequences. A Cyber Risk Insurance policy with robust business interruption coverage is an essential protection.
What could happen? Here are a few ransomware examples:
- A municipality is crippled (here).
- A hospital cannot access medical records and is forced to turn away patients (here, here)
- Database users' data is being stolen and held for ransom payments (here)
- A school district may be subject to an attack (here)
- Colonial Pipeline (here)
Business interruption insurance typically provides coverage for loss of income and extra expense incurred from a shutdown in the operation of the insured (here). Business interruption coverage is typically found in property policies (or package policies) and triggered by property losses, and these types of policies typically do not respond to cyber attacks. Comprehensive Cyber Risk Insurance policies may include a version of business interruption coverage that responds to cyber attacks.
Note that Cyber Risk Insurance coverages vary considerably, and some policies do not contain business interruption (a few do not even respond to ransomware attacks). Getting the right coverage is critical – use an expert advisor.
The business interruption coverage in a comprehensive Cyber Risk policy is not exactly the same as traditional business interruption coverage. An Insurance Journal article, “5 Ways Cyber Business Interruption Differs from Traditional Business Interruption: RIMS,” points out some key differences, which include:
- Period of measurement – a potentially shorter disruption period may require more detailed information to accurately calculate the loss
- Personnel involved – it is likely that IT Personnel will need to assist in the assessment of the business interruption loss
- Reputational risk – depending on how the cyber attack disrupts operations, it is possible that the organization’s brand is negatively impacted resulting in ongoing financial losses
- Loss Trigger – the loss may occur at a third party provider (think web hosting service), sometimes referred to as contingent or dependent business interruption
Ransomware attacks have been increasing significantly.
Cyber-security firm Emsisoft sees a roughly 12.4% jump in victims saying they were hit last year, compared with 2019. The amount of ransom being demanded nearly doubled in 2020, according to Group-IB… Premiums for standalone cyber policies were up 28% in 2020 compared to a year earlier and have increased about 76% since 2016, according to ratings firm AM Best. (see here)
Ransomware attacks increased 485% in 2020 globally, according to Bitdefender, accounting for nearly one-quarter of all cyber incidents, with total global costs estimated at $20 billion, per Purple Sec… The average ransom payment in 1Q21 [was] $220,298, up 43% from 4Q19, according to Coveware. (see here)
No type of organization is free of exposure, but some types of businesses have a higher rate of attack:
Professional services firms, such as small law and financial services firms, are popular targets of ransomware attacks as they typically possess valuable personally identifiable information, payment data, or intellectual property. Cyber attacks against schools, local government and healthcare providers more than doubled to 2,354 in 2020 from 966 in 2019, according to Emsisoft. (see here)
Business interruption losses make up a significant part of total Cyber Risk claims:
Business interruption losses are now 35% of the cost of a breach (see here).
What can be done to mitigate both the likelihood of a ransomware attack and the financial loss and operating disruption? Here are a few ideas:
- Pre-Loss Planning – Spend time planning for a disruption and preparing a response plan, as you would for any other catastrophic event, including the financial impact of a shutdown.
- Strong Cyber Security – Obvious cyber security protections, such as timely patching, employee training, redundancy, effective backups and continuous monitoring, should be rigorously applied.
- Cyber Risk Insurance – Ensure your Cyber Risk insurance is comprehensive, the coverage is suited to your business, and the business interruption provisions are robust.
Specialty Insurance Blog – News & Commentary on Specialty Insurance – with an Emphasis on Professional Liability Insurance