Are You Covered? Traditional vs Cyber Interruption Insurance

Are You Covered? Traditional vs Cyber Interruption Insurance | Property & Casualty

The recent widespread outage caused by the CrowdStrike update underscores our economy’s reliance on information technology. As businesses scramble to recover from operational and profitability setbacks, questions have surfaced about business interruption coverage. Many policyholders are discovering their business interruption coverage excludes cyber events. Discover the key differences between traditional and cyber interruption insurance to ensure your business is protected when it matters most.

Business Interruption Insurance Defined

Business interruption (BI) insurance protects against various disruptions, such as natural disasters, equipment damage and vandalism. It can assist in maintaining revenue and covering rent or lease payments, relocation costs, employee wages and loan payments. There are two options available:

  • Traditional BI coverage can complement general liability or commercial property insurance
  • Cyber BI coverage requires a cyber liability insurance policy

Understanding the distinctions between these types of protection is essential for your company to secure the most suitable coverage.

The Shifting Landscape of Business Interruptions

According to the Federal Emergency Management Agency (FEMA), 40% of companies fail to reopen after a disaster, with another 25% closing within one year. These events disrupt operations and inflict severe financial and reputational harm, highlighting the importance of being prepared. Consider these recent statistics:

  • The commercial property market faces a formidable challenge from the escalating frequency and severity of extreme weather events. Bloomberg Intelligence reports that 2023’s global insured losses from natural disasters will surpass $100 billion for the fourth consecutive year. The U.S. alone experienced a record number of billion-dollar weather and climate events, with costs exceeding $57 billion.
  • Research conducted by Cybersecurity Ventures projects that ransomware incidents will incur annual costs of up to $265 billion by 2031, with a new attack occurring approximately every two seconds.
  • The latest IBM Security report estimates that U.S. companies pay an average of $9.44M per data breach.
  • Only 30% to 40% of small business owners carry business interruption insurance.

Traditional Business Interruption (BI) Insurance

Traditional BI insurance is commonly added to a commercial property insurance policy or comprehensive insurance package. This coverage provides financial protection for potential expenses when a business is forced to suspend operations or temporarily shut down due to a covered loss. The policy may reimburse:

  • Income lost due to the disruption in operations
  • Financial obligations like mortgage, rent and taxes
  • Payroll expenses to maintain employees’ wages
  • Relocation costs associated with moving to a new or temporary location
  • Commission and training costs for replacing damaged tools or machinery
  • Additional expenses to expedite the resumption of operations

Business interruption insurance covers various risks, such as fires, theft, vandalism and certain natural disasters. It can help in scenarios like a production floor fire, where it may help reimburse lost income and employees’ wages during the temporary closure. Some insurers may also secure contingent business interruption (CBI) coverage, offering financial security for disruptions caused by covered losses among suppliers and business partners. Civil authority coverage may also compensate for expenses from government-mandated business closures.

Cyber Business Interruption (BI) Insurance

Cyber BI coverage is exclusive to standalone cyber insurance policies. As more companies embrace digital operations and invest in technology, this coverage is indispensable for protecting against cyber liabilities. Policyholders should note that this newer coverage may not come automatically with their cyber policies. Partnering with your insurance advisor is key to carefully reviewing your coverage.

Cyber BI insurance traditionally provides financial protection for costs stemming from technology failures, such as system shutdowns, network outages, data breaches, social engineering scams and ransomware attacks, as well as related operational disruptions. It may also reimburse similar expenses as traditional BI (e.g., lost income, wages).

For example, it can compensate for lost profits should your network temporarily shut down due to a ransomware attack. Coverage may also extend to financial protection for digital disruptions caused by human errors (e.g., employee downloading a computer virus) or malfunctioning software. Additionally, cyber BI coverage may reimburse expenses arising from third-party cyber events that impact software providers or cloud vendors.

Don't Wait Until It's Too Late! Download our comprehensive Ransomware Survival Guide with the knowledge and tools to navigate and recover from cyberattacks..

Key Differences Between Traditional & Cyber BI Insurance

Traditional and cyber BI policies may share similarities, but they’re not the same. The main differences include:

Coverage Triggers

Both policies have a waiting period where coverage is activated only after a certain amount of time from the loss event. Traditional BI coverage normally has a 72-hour waiting period while cyber BI events are resolved faster, with waiting periods ranging from six to 12 hours.

Period of Measurement

Calculating lost income caused by an operational disruption is crucial. While traditional BI policies primarily provide coverage over extended periods, cyber-related disruptions may only last hours or days, making it challenging to assess. Gathering detailed loss data like sales records isessential to accurately determine the period of measurement and secure sufficient reimbursement.

Period of Restoration

This begins at the onset of the disruption (e.g., property damage, initial cyber incident) and concludes when normal operations are restored (e.g., property repairs completed, digital assets restored). Determining this time limit is simple for property damage but more complex for cyber events due to unclear start and end times. Additionally, cyber insurance providers define the restoration period differently. To accurately calculate post-cyber disruption timelines, companies should:

  • Collaborate with their insurance advisor to closely review policy wording
  • Seek advice from forensic accountants
  • Evaluate additional loss elements, including:
    • Timing and resolution of cyber incidents
    • Impacted technology
    • Operational interruptions

Reputational Losses

As losses from a disaster are normally uncontrollable, reputational damage is not a concern with traditional BI losses. In contrast, with cyber BI losses, stakeholders might bear responsibility for their involvement in cyber events, particularly in cases involving data breaches or preventable security failures. Even after recovering from cyber events and digital disruptions, profit losses can persist due to decreased customer loyalty. Cyber BI policies may provide coverage for reputational losses in such scenarios.

We’re Here to Help Ensure Your Company is Covered

While traditional and cyber BI policies have their differences, both offer valuable financial protection against operational disruptions. Consult with a trusted insurance advisor to learn more about these coverage offerings and discuss their specific BI insurance needs. Connect witha member of our team for comprehensive insurance solutions tailored to your company’s needs.


© Copyright CBIZ, Inc. and CBIZ CPAs P.C. (together, “CBIZ”). All rights reserved. Use of the material contained herein without the express written consent of the firms is prohibited by law. This publication is distributed with the understanding that CBIZ is not rendering legal, accounting or other professional advice. The reader is advised to contact a tax professional prior to taking any action based upon this information. CBIZ assumes no liability whatsoever in connection with the use of this information and assumes no obligation to inform the reader of any changes in tax laws or other factors that could affect the information contained herein.

CBIZ is the brand name for CBIZ CPAs P.C. and CBIZ Advisors, LLC (together), a national professional services company providing tax, financial advisory and consulting services to individuals, tax-exempt organizations and a wide range of growth-oriented companies. CBIZ Advisors, LLC is a fully owned subsidiary of CBIZ, Inc. (NYSE: CBZ). CBIZ CPAs P.C. is an independent CPA firm that provides audit, review and attest services, and works closely with CBIZ, a business consulting, tax and financial services provider. CBIZ and CBIZ CPAs P.C. are members of Kreston Global, a global network of independent accounting firms. This publication is protected by U.S. and international copyright laws and treaties. Material contained in this publication is informational and promotional in nature and not intended to be specific financial, tax or consulting advice. Readers are advised to seek professional consultation regarding circumstances affecting their organization.

Are You Covered? Traditional vs Cyber Interruption Insurance | Property & Casualtyhttps://www.cbiz.com/Portals/0/Images/GettyImages-1442731823-1.jpg?ver=XSiT9h2SYmlwbVDMCNyMmg%3d%3dDiscover the key differences between traditional and cyber business interruption insurance to safeguard your business from cyber-related disruptions.2024-08-05T17:00:00-05:00Discover the key differences between traditional and cyberbusiness interruption insurance to safeguard your business from cyber-relateddisruptions.Risk MitigationCyber & Information SecurityProperty & Casualty InsuranceYes