The market for cyber business interruption cover is complex and the protection offered by different policies can vary widely so it is important to check policy wording carefully.
That is according to a new report from the International Underwriting Association, which warns that most current business interruption coverages are standalone policy extensions, the triggers for which are separately defined in the contract wording.
“The continued education of businesses about cyber risk exposures is an essential task, both at an operational risk management level and in the boardroom,” said Matthew Hogg, Chairman of the IUA Cyber Underwriting Group.
“As cyber is a relatively new and continually developing area of insurance the range of different cover available can be quite extensive. It is not available as standard across the market and so requires a discussion between clients, brokers and underwriters to ensure that policy wordings meet business needs and will respond appropriately in the event of a loss.”
Risk assessment
In the new report, companies are warned that not all triggers are included in every policy and that it is important, therefore, to perform an effective risk assessment before considering coverage options.
Titled ‘Cyber Insurance and Business Interruption’ the report discusses how business interruption policies may respond to cyber incidents compared to more traditional classes of business.
Among the issues discussed in the IUA’s report are the period of loss covered by policies, how they may calculate loss of revenue, waiting periods and deductibles and methods for measuring the period of interruption.
The document, produced in association with RGL Forensics, also considers contingent cyber business interruption.
Copies are available from www.iua.co.uk/cyberbusinessinterruption
By Anne-Marie Causer
