Are You Covered for Cyber Business Interruption?

Posted by Mike Grant, Director, Technology Practice on October 5, 2015 at 10:00 AM

iStock_000024086772Large-4By nature, great white sharks must keep moving to stay alive. It’s simply how they are built. Like great whites, businesses must stay in motion too, doing business each day in order to thrive. In today’s tech-filled society, computers, software programs and the cloud are critical to keeping things in motion for most businesses.

Even a short period of unscheduled downtime can wreak havoc on a business and, sometimes, it can be downright deadly. In the past, physical threats like fire, theft and water damage were the common perils business owners faced.  If your business was interrupted by one of these hazards, the property policy including business interruption would respond and help you get back on your feet.

In today’s hyper-connected marketplace, threats capable of shutting down your business often come in more insidious forms. Data breaches and cyber-attacks are on the rise, unleashing damage like never before and many companies are not prepared for the impact.

System Outages are the Silent Killer

While the Sony Pictures cyber-attack made headlines for the type of private information leaked such as internal email threads discussing celebrities, what you didn’t hear is that Sony Pictures’ computer systems were off-line for over 6 weeks due to the breach.

For a small or mid-size business, even a couple days offline could do significant financial damage. Statistics compiled by security firm Imprima drive home the importance of being prepared with adequate coverage to avoid a serious loss. According to the firm, 93% of businesses that suffer data loss for more than 10 days file for bankruptcy within a year, and 50% do so immediately.  

What many people don’t know is that traditional property, business interruption and liability insurance policies do not provide coverage for system outages or downtime from cyber events like hacks, viruses or denial-of-service attacks.  For this reason, we advise our clients to include business interruption coverage as part of their Data/Cyber Liability insurance policy.

While a cyber-attack can essentially freeze your business, cyber business interruption insurance minimizes your losses by providing you with funding to keep up payroll and cover other unexpected costs while you are offline.

To help you assess whether your business is adequately protected against unintended interruptions related to cybersecurity, consider the following:

1. If my organization suffers a cyber-attack, can my business still operate?

Just like the kitchen appliances we take for granted until a power outage shuts them down, a cyber-attack can suddenly find you scrambling. Are your systems entirely integrated? If so, a hack that hits one system may cause a domino effect on the others, impacting much more of your business than originally expected and complicating efforts to restore operations.  

2. How long can my business survive offline?

When systems are down, business is not getting done and money is not coming in. Without resources in reserve to carry you through and cover the cost of restoring your networks, your business may be in jeopardy.

3. Who are the vendors (e.g. cloud providers, SAAS providers, data warehouses, etc.) my business relies on to generate income?

It is imperative to take stock of your vendors that play an essential role in keeping your business online and generating income.  If one of those providers went offline or was unable to provide you with critical data, would your business suffer?  Typical cyber business interruption insurance won’t cover losses that result from another party’s downtime.  As such, we advise our clients to quantify the impact and add “Dependent Business Interruption” to their Cyber/Data Liability and traditional business interruption policies.

4. Does your business have a Cyber Incident Response Plan? 

Most organizations have disaster recovery plans designed for physical threats like fire, flood, and earthquake. It is important to create a Cyber Incident Response Plan (CIRP) so that if you’re faced with a cyber-attack, you are prepared to respond quickly. We recommend preforming a run-through and reviewing the plan annually to account for any changes to your systems.

Cyber/Data Liability insurance has become a significant component of a company’s overall risk management program. In the ever-changing cyber insurance marketplace, it is crucial to work with a specialist who understands your business and can design the right insurance program for your company. 

To learn more about avoiding a data breach nightmare, watch the webinar on best practices to prepare for, respond to and recover from a breach.

Avoiding a Data Breach Nightmare


Topics: Property + Casualty, Cyber & Data Security

Subscribe to Email Updates

Top Posts

Follow Us