Cyber business interruption exposures escalate claims
Business interruption claims can add substantial costs to cyber incidents and take time to reconcile, insurance and technology experts say.
Carefully crafted policy wordings and prudent response and restoration decisions can help mitigate the costs, they said last week at the 2024 NetDiligence annual cyber summit in Philadelphia.
In 2023, the average cyber claim in the US involving business interruption was 270% higher than one that did not include lost income claims. In addition, the five-year average cost of a claim with a business interruption element was over 450% higher than a claim without those losses, according to the 2024 NetDiligence Cyber Claims Study.
The study was based on an analysis of about 10,500 claims between 2019 and 2023, with 98% of those claims submitted by US small and medium-sized enterprises.
Cyber-related business interruption losses occur when an organisation experiences an event, such as a ransomware attack, that wholly or partly disables its operations, or when an entity a business relies on experiences an incident that causes that business a loss, which is known as contingent business interruption, said Julia Verdi, manager, claims, and head of claims education for At-Bay.
Most cyber policies cover both types of losses, Verdi added.
One frequently disputed area is coverage for “extra expense”, meaning ancillary costs incurred by a policyholder due to a cyber incident, said Jane Warring, partner with law firm Zelle LLP. She recommends agreeing on precise policy wordings to avoid disputes between insurers and policyholders, using language such as “reasonable and necessary” to define covered expenses.
Cyber breach victims sometimes rush to replace compromised hardware, said Lee Trott, director of cybersecurity company Moxfive. This sometimes costly approach can be avoided through precise analysis of a policyholder’s existing assets and careful consideration of alternatives.
The first 24 to 48 hours after an incident is the “stormy phase”, when things can be the most hectic and decisions get made hastily, he said.
“Most recently, we had a scenario where we were working with an insured that wanted to go out and buy new storage. We really encouraged them to take a step back. They had hardware on site that they could use,” Trott said in one example of an extra expense that could be avoided.
Communication with policyholders and other stakeholders is vital in seeking to understand the figures, said Harriet Bateman, director with consulting firm Baker Tilly’s forensic, litigation and valuation services practice.
“We have the numbers side of things, but that’s worthless without having those conversations with insureds, making sure we fully understand exactly what’s happened in the business and that we’re interpreting the data correctly. We need time to make sure we’re educated,” she said.
The process can be time consuming, Bateman said.
“Those conversations do take time, and there’s the back and forth” over any additional requests for documentation and subsequent negotiations, she said.
There is no standard list of documents to request or a checklist because each business and incident is different, Bateman said.
“There’s not a one-size-fits-all,” she said, emphasising that different businesses may require other documentation and data.
This article first appeared on our sister website Business Insurance.