Business interruption coverage is a critical protection from ransomware attacks, and is included in most comprehensive Cyber Insurance policies. However, some Cyber Insurance policies and endorsements do not include business interruption coverage, and business interruption coverage provided in a property policy typically does not respond to cyber attacks.
As the frequency of ransomware attacks has spiked and resulting operational disruptions have become more frequent, business interruption coverage in a Cyber Insurance policy has become more important (see prior post and here). In addition, resulting operational disruptions have become more severe and can have significant financial consequences. A Cyber Insurance policy with comprehensive business interruption coverage can be an essential protection.
The business interruption coverage in a comprehensive Cyber Insurance policy is not exactly the same as traditional business interruption coverage. An Insurance Journal article points out some key differences, which include:
- Period of measurement – a potentially shorter disruption period may require more detailed information to accurately calculate the loss
- Personnel involved – it is likely that IT Personnel will need to assist in the assessment of the business interruption loss
- Reputational risk – depending on how the cyber attack disrupts operations, it is possible that the organization’s brand is negatively impacted resulting in ongoing financial losses.
- Loss Trigger – the loss may occur at a third party provider (think web hosting service), sometimes referred to as contingent or dependent business interruption
Business interruption losses make up a significant part of total Cyber claims, currently approximately 35% of the cost of a breach (see here).
What can be done to mitigate both the likelihood of a ransomware attack and the financial loss and operating disruption? Here are a few recommendations that experts typically provide:
- Pre-Loss Planning – Spend time planning for a disruption and response plan like any other catastrophic event, including the financial impact of a shutdown.
- Strong Cyber Security – obvious cyber security protections, such as timely patching, employee training, redundancy, effective backups and continuous monitoring, should be rigorously applied
- Cyber Insurance – Ensure your Cyber Insurance is comprehensive, the coverage is suited to your business, and the business interruption provisions are robust.
Try our online Cyber Insurance Quoting Portal for same day quotes. We look forward to working with you!