Business Interruption And Cyber Insurance: What’s Covered After A Cyber Attack? – Insurance Laws and Products

Napoleon Elizer

To print this article, all you need is to be registered or login on

This is part one in a three-part series. Check out part two
for examples of cyber insurance
(plus insight into how insurers and
insureds usually negotiate these issues) and part three for
how to lower your cyber insurance

Fires. Floods. Labour disputes. Vandalism. Civil unrest.
Regulatory changes. These are the usual suspects when it comes to
causes of business interruption, but ever since Captain Zap’s
infamous 1981 hack into AT&T’s network, cyber
crime has become an important addition to the list. If your
business has been hit, there’s no time to waste – so here are
the need-to-knows about business interruption coverage and your
cyber insurance policy, including four scenarios that present
coverage challenges.

Business interruption coverage in a cyber policy

Business interruption coverage eases the financial pain
experienced by an organization that is unable to operate normally
following a cyber attack. An important point: not all cyber
insurance policies include business interruption coverage. For
policies that do, typical coverages include lost income and extra
expenses incurred to get the business up and running.

The organization, of course, must have experienced a disruption
or incurred additional expenses in order for the business
interruption coverage to be triggered – and this is where
organizations and insurance companies often disagree. The rest of
this article explores four common situations that result in complex
business interruption claims.

New requirements from integrated partners

When an organization is impacted by a cyberattack, its integrated
partners – third parties that maintain the organization’s
electronic medical records or leads databases, for example – often
take a hard look at their own cybersecurity. If the partners’
standards increase, the organization that suffered the attack may
need to improve its security before being given the keys to the
systems again.

Organizations usually expect that expenses related to their
integrated partners’ demands will be eligible for business
interruption coverage under their cyber insurance policy. From the
insurer’s perspective, though, coverage is meant to return an
organization to its original state, not pay for improvements.This type of claim is
often denied and, in our experience, the ensuing dispute often goes
to mediation.

Regular salaries and wages

When it comes to business interruption expenses related to
labour, insurance companies usually require evidence that the
organization’s costs increased due to post-attack remediation
efforts. Costs for new staff or consultants brought on to rebuild
the organization’s systems often qualify. So do overtime costs
incurred by current employees. The regular salaries of existing
employees who have been reassigned to restoration efforts during
normal business hours are rarely covered.

Delays in sales or payments

The business interruption coverage in most cyber insurance
policies will cover lost sales – those that could never be
completed due to the security or privacy breach – but not sales
that were simply delayed until systems were back online. If a
customer or client can initiate, continue or complete a sale using
approaches that weren’t affected by the breach (think using the
telephone, visiting a brick-and-mortar location, and putting a
credit card in an old school manual credit card machine), the delay
is not usually eligible for inclusion in the claim.

Excessive ransom demands

Many organizations are keen to pay a ransom as a way to return
to normal business operations immediately. Some insurers, however,
require some due diligence before authorizing a payment. They often
encourage the insured to compare the cost to rebuild systems from
backups plus the cost of projected business interruption expenses
to the amount demanded by the attackers. Since most policies
require insurer consent before a ransom payment can be made,
insurers will often ask insureds to take a hard look at

  • The organization can operate, even at a reduced level, while
    its systems are restored

  • The rebuild can be done relatively quickly

  • The ransom is greater than the anticipated business
    interruption claim.

Your next steps

Cyber insurance is complicated. And it’s getting more
expensive. If time is on your side, one of the best things you can
do is review your policy with an experienced cyber insurance broker
to ensure your coverage matches your business situation. (A cyber
insurance lawyer can sometimes help you reduce premium costs, too)

Not everyone has the luxury of time, however. If you’re
caught up in the panicked aftermath of an attack, our best advice
is to communicate openly and often with your insurer. Our four
examples of complex business interruption claims are cautionary
tales. If your understanding of your policy isn’t the same as
your insurer’s, any well-meaning decisions with financial
consequences you make may result in your claim being rejected.

About BLG

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

POPULAR ARTICLES ON: Insurance from Canada

Next Post

Fruit Juice Market Share, Size, Industry Overview, Latest Insights and Business Opportunities 2022-2027

Fruit Juice Market The Fruit Juice Market to reach US$ 182 Billion by 2027, exhibiting at a CAGR of 4.31% during 2022-2027. SHERIDAN, WY, USA, September 15, 2022 / — According to IMARC Group’s latest report, titled “Fruit Juice Market: Global Industry Trends, Share, Size, Growth, Opportunity and Forecast 2022-2027”, the global fruit […]
Fruit Juice Market Share, Size, Industry Overview, Latest Insights and Business Opportunities 2022-2027