What is this coverage?

In our digital age, businesses can be knocked offline for weeks in the event they suffer a cyber attack.  Considering the combined losses of unearned revenue and continued expenses (e.g. payroll), it should be no surprise that many businesses go bankrupt after serious cyber events. As such, a cyber policy’s Business Interruption coverage is critical to cashflow-dependent businesses given it indemnifies them for the lost revenues that they need to cover their costs.

What does this coverage offer?

Business Interruption provides coverage for expenses or lost revenues due to an interruption or outage in an insured’s systems due to a cyber event – for example, a cyber-attack that takes your corporate email offline. The coverage may indemnify a variety of losses incurred during the interruption including:

  • Lost net income, based on financial records
  • Corporate mortgage, rent, and lease payments
  • Loan payments
  • Employee payroll              

Contingent Business Interruption provides coverage for expenses or lost revenues due to     business interruption in a third party’s property or systems – for example, if a company’s MSP manages its website, and it gets attacked knocking the website offline, then contingent business interruption could kick in to indemnify for lost revenues.  This third-party property is called “dependent”. The following could be considered dependents (depending on the carrier):

  • Suppliers: The contributors that supply the business with the parts, services, platforms etc. needed to make its product or provide its service.
  • Buyers: The receivers that buy the service, product or goods of the business.  This may be the only buyer, or the one who buys the most from the business.
  • Providers: the manufacturers that make products for delivery to a business’ customers as laid out in a contract of sale.
  • Drivers: These include whatever businesses and other entities that bring potential customers to the spaces where the business makes most of their sales.


Why it’s Useful.

When damage is done to a business’ systems or property that cripples its operations, the costs involved with repairing the damages are not the only costs that are involved.  If a business can’t operate, it loses the revenue it may have otherwise collected.

In insurance, there is a period of indemnification over which an insurance policy will compensate the business for lost income.  This period starts after the damages are reported, and can go for as long as 90 days, or even up to a year with an endorsement.

The period of indemnification should not be confused with the waiting period at the start of a policy.  Waiting periods represent the amount of time an insured must wait before they start being indemnified. The longer the waiting period, the longer the insured must wait before the policy kicks in to cover lost revenues.


Examples.

Ransomware Attack

–Situation:

A company that sells furniture has a  cyber insurance policy with business interruption coverage. The company gets slammed with a ransomware attack that encrypts its data and cripples its systems.  The ransomware gang demands $25,000 in Bitcoin to restore access.

–Outcome:

After consulting an incident response     and forensic expert, the company decides to pay the ransom. The company     receives a decryption key that permits access to the once-encrypted data. A forensic accountant also calculates that the company’s business interruption missed out on $175,000 in lost revenues based on potential sales during the downtime. The cyber insurance policy covered the $25,000 ransom, and because the insured also had business interruption coverage, it also covered the $175,000 of business interruption loss. The policy paid out a total of $195,000.

Lost revenues: $175,000

Ransomware: $25,000

Retention: $5,000

Paid by the insurer: $195,000

Contingent Business Interruption

–Situation:

Daniel’s online shop has an IT provider, who suffered a major breach. Hackers shut down the IT provider for a week, demanding a ransom. This affected all clients of the IT provider, including Daniel -- he was unable to do business that week. After a week of negotiations, the IT provider’s systems were restored, allowing Daniel to do business again.

–Outcome:

Thankfully Daniel had Contingent Business Interruption coverage. As soon as his website was down for more than an hour, he contacted his insurance carrier. The insurance carrier activated the policy and indemnified Daniel’s shop for every day it was offline. Daniel’s shop normally grosses $8,000 a day in revenue, so he was paid out $51,000 for seven days ($56,000 minus his $5,000 retention).

Savings: 91%

Lost revenues: $56,000

Paid by Daniel’s company: $5,000 (retention)

Paid by the insurer: $51,000