The recent widespread outage caused by the CrowdStrike update underscores our economy’s reliance on information technology. As businesses scramble to recover from operational and profitability setbacks, questions have surfaced about business interruption coverage. Many policyholders are discovering their business interruption coverage excludes cyber events. Discover the key differences between traditional and cyber interruption insurance to ensure your business is protected when it matters most.
Business Interruption Insurance Defined
Business interruption (BI) insurance protects against various disruptions, such as natural disasters, equipment damage and vandalism. It can assist in maintaining revenue and covering rent or lease payments, relocation costs, employee wages and loan payments. There are two options available:
- Traditional BI coverage can complement general liability or commercial property insurance
- Cyber BI coverage requires a cyber liability insurance policy
Understanding the distinctions between these types of protection is essential for your company to secure the most suitable coverage.
The Shifting Landscape of Business Interruptions
According to the Federal Emergency Management Agency (FEMA), 40% of companies fail to reopen after a disaster, with another 25% closing within one year. These events disrupt operations and inflict severe financial and reputational harm, highlighting the importance of being prepared. Consider these recent statistics:
- The commercial property market faces a formidable challenge from the escalating frequency and severity of extreme weather events. Bloomberg Intelligence reports that 2023’s global insured losses from natural disasters will surpass $100 billion for the fourth consecutive year. The U.S. alone experienced a record number of billion-dollar weather and climate events, with costs exceeding $57 billion.
- Research conducted by Cybersecurity Ventures projects that ransomware incidents will incur annual costs of up to $265 billion by 2031, with a new attack occurring approximately every two seconds.
- The latest IBM Security report estimates that U.S. companies pay an average of $9.44M per data breach.
- Only 30% to 40% of small business owners carry business interruption insurance.
Traditional Business Interruption (BI) Insurance
Traditional BI insurance is commonly added to a commercial property insurance policy or comprehensive insurance package. This coverage provides financial protection for potential expenses when a business is forced to suspend operations or temporarily shut down due to a covered loss. The policy may reimburse:
- Income lost due to the disruption in operations
- Financial obligations like mortgage, rent and taxes
- Payroll expenses to maintain employees’ wages
- Relocation costs associated with moving to a new or temporary location
- Commission and training costs for replacing damaged tools or machinery
- Additional expenses to expedite the resumption of operations
Business interruption insurance covers various risks, such as fires, theft, vandalism and certain natural disasters. It can help in scenarios like a production floor fire, where it may help reimburse lost income and employees’ wages during the temporary closure. Some insurers may also secure contingent business interruption (CBI) coverage, offering financial security for disruptions caused by covered losses among suppliers and business partners. Civil authority coverage may also compensate for expenses from government-mandated business closures.
Cyber Business Interruption (BI) Insurance
Cyber BI coverage is exclusive to standalone cyber insurance policies. As more companies embrace digital operations and invest in technology, this coverage is indispensable for protecting against cyber liabilities. Policyholders should note that this newer coverage may not come automatically with their cyber policies. Partnering with your insurance advisor is key to carefully reviewing your coverage.
Cyber BI insurance traditionally provides financial protection for costs stemming from technology failures, such as system shutdowns, network outages, data breaches, social engineering scams and ransomware attacks, as well as related operational disruptions. It may also reimburse similar expenses as traditional BI (e.g., lost income, wages).
For example, it can compensate for lost profits should your network temporarily shut down due to a ransomware attack. Coverage may also extend to financial protection for digital disruptions caused by human errors (e.g., employee downloading a computer virus) or malfunctioning software. Additionally, cyber BI coverage may reimburse expenses arising from third-party cyber events that impact software providers or cloud vendors.
Don't Wait Until It's Too Late! Download our comprehensive Ransomware Survival Guide with the knowledge and tools to navigate and recover from cyberattacks..
Key Differences Between Traditional & Cyber BI Insurance
Traditional and cyber BI policies may share similarities, but they’re not the same. The main differences include:
Coverage Triggers
Both policies have a waiting period where coverage is activated only after a certain amount of time from the loss event. Traditional BI coverage normally has a 72-hour waiting period while cyber BI events are resolved faster, with waiting periods ranging from six to 12 hours.
Period of Measurement
Calculating lost income caused by an operational disruption is crucial. While traditional BI policies primarily provide coverage over extended periods, cyber-related disruptions may only last hours or days, making it challenging to assess. Gathering detailed loss data like sales records isessential to accurately determine the period of measurement and secure sufficient reimbursement.
Period of Restoration
This begins at the onset of the disruption (e.g., property damage, initial cyber incident) and concludes when normal operations are restored (e.g., property repairs completed, digital assets restored). Determining this time limit is simple for property damage but more complex for cyber events due to unclear start and end times. Additionally, cyber insurance providers define the restoration period differently. To accurately calculate post-cyber disruption timelines, companies should:
- Collaborate with their insurance advisor to closely review policy wording
- Seek advice from forensic accountants
- Evaluate additional loss elements, including:
- Timing and resolution of cyber incidents
- Impacted technology
- Operational interruptions
Reputational Losses
As losses from a disaster are normally uncontrollable, reputational damage is not a concern with traditional BI losses. In contrast, with cyber BI losses, stakeholders might bear responsibility for their involvement in cyber events, particularly in cases involving data breaches or preventable security failures. Even after recovering from cyber events and digital disruptions, profit losses can persist due to decreased customer loyalty. Cyber BI policies may provide coverage for reputational losses in such scenarios.
We’re Here to Help Ensure Your Company is Covered
While traditional and cyber BI policies have their differences, both offer valuable financial protection against operational disruptions. Consult with a trusted insurance advisor to learn more about these coverage offerings and discuss their specific BI insurance needs. Connect witha member of our team for comprehensive insurance solutions tailored to your company’s needs.