Decrypting Cyber Insurance
By Rehana Moosa
Published in Toronto Manager in Summer 2021 by Chartered Managers Canada
Purchasing a cyber insurance policy can be challenging – there are many exclusions and limitations and terms that impact how much you can recover in the event of a claim.
However, given the increased frequency and severity of cyber attacks, it is important to understand how cyber insurance works and whether your current policy (if you have one) meets your needs.
Business interruption losses often make up a large portion of an organization’s claim following a cyber attack. Cyber insurance policies generally measure these losses as:
- Loss of net income only, or
- Loss of net income, plus all costs that continued while systems were impacted, including payroll
A loss of net income can result from a decrease in sales, an increase in expenses, or a combination.
With respect to decreased sales, this can take the form of:
- A loss of existing customers, either temporarily while systems are being restored, or permanently
- Existing orders / sales that are cancelled, especially in cases where delivery deadlines cannot be met
- Loss of potential / walk-in / new customers
- Cancelled contracts or projects
- Discounts provided to customers to compensate them for delays
The existence and amount of the lost sales can be determined using different types of analysis such as:
- Sales earned before and after the cyber attack can be compared, based on time period (e.g. annually / monthly), customer (if specific customers have been lost), or other factors.
- Cancelled customer contracts can be reviewed to calculate the revenues that were expected to be earned.
- Cancelled orders can be compiled and their sales value calculated.
- Discounts offered to customers can be recorded in a separate account for easy tracking.
Businesses who have been victims of cyber attacks will sometimes incur additional expenses as systems are being restored. Common examples include:
- Employee overtime, if staff must perform tasks manually or catch up on delays
- To avoid losing orders, some businesses may transfer work to a subcontractor despite the higher cost.
- When tasks are performed manually, without the use of technology, they can often take longer, resulting in higher than normal labour costs. For example, an employee who normally completes a task in 1 hour using a computer may need 4 hours to complete it manually. The additional 3 hours of labour is an increased expense.
- Other expenses such as meals and taxi fare for employees working overtime.
Selecting the Type of Business Interruption Coverage
As mentioned earlier, business interruption losses can be measured as the: (1) loss of net income only; or, (2) loss of net income plus all continuing costs. The right coverage for you depends on your specific business.
For example, two companies, ABC Inc. and XYZ Ltd. both suffer a cyber attack. Their losses and costs are as follows:
Lost net income - $100,000
Continuing payroll costs - $250,000
Other continuing costs - $50,000
Lost net income - $100,000
Continuing payroll costs - $10,000
Other continuing costs - $15,000
If both businesses had a policy that covered the loss of net income only, ABC and XYZ would each recover $100,000.
If their policies included coverage for continuing costs, their recovery would be:
Loss of net income — $100,000
Continuing payroll — $250,000
Other continuing costs — $50,000
Total — $400,000
Loss of net income — $100,000
Continuing payroll — $10,000
Other continuing costs — $15,000
Total — $125,000
ABC recovers more under their policy because its costs remained high despite earning less revenue. Its expenses are mostly fixed and do not decrease when the business’ revenues decline. For this reason, having continuing cost coverage would be useful.
By contrast, XYZ’s continuing costs are low because they are variable, meaning that they decrease when less revenue is earned. In this case, XYZ may not need coverage for continuing expenses.
Purchasing the Right Amount of Coverage
While there is no mathematical formula that can be used to calculate the appropriate amount of coverage, an insurance broker can be an invaluable resource. Brokers with experience in cyber insurance claims can guide you and identify factors to consider in determining the amount of coverage you need.
Insurance companies have started tracking and publishing data on cyber insurance claims online. Information is collected on victim organizations, such as geographic location, industry, and annual revenues, and the type and amount of losses that have been claimed. Businesses can use this data to research the losses claimed by comparable organizations and apply this knowledge to determining their own coverage needs.
Contact us to learn more. 647-426-0146 | email@example.com
Communications are intended for informational purposes only and do not constitute legal advice or an opinion on any issue. For permission to republish this content, please contact Rehana Moosa Forensic Accounting Professional Corporation.
Common Exclusions Under Cyber Insurance Policies
Understanding the types of losses and costs that cyber insurance excludes is as important as understanding…read more
Document Requests for Fidelity / Crime Insurance Claims
When reviewing or preparing a fidelity / crime insurance claim, the documents required to substantiate…read more
What Does Cyber Insurance Cover?
With the significant increase in the number of cyber attacks over recent years, cyber insurance has become…read more
What To Do If You Suspect Fraud
When business owners first suspect an employee of fraud, it is important to take the right steps at the…read more
Industries Most Susceptible to Fraud
Certain industries are more susceptible to fraud than others. The nature of their operations are such…read more
The RMFA Difference
Regardless of background or level of knowledge, all our clients are treated with professionalism and respect. All files, regardless of size or complexity, are treated as a top priority. That’s our promise.