Decrypting Cyber Insurance

Rehana MoosaBy Rehana Moosa

Published in Toronto Manager in Summer 2021 by Chartered Managers Canada


Purchasing a cyber insurance policy can be challenging – there are many exclusions and limitations and terms that impact how much you can recover in the event of a claim. 


However, given the increased frequency and severity of cyber attacks, it is important to understand how cyber insurance works and whether your current policy (if you have one) meets your needs.


Business Interruption


Business interruption losses often make up a large portion of an organization’s claim following a cyber attack.  Cyber insurance policies generally measure these losses as:


  • Loss of net income only, or
  • Loss of net income, plus all costs that continued while systems were impacted, including payroll

A loss of net income can result from a decrease in sales, an increase in expenses, or a combination.


With respect to decreased sales, this can take the form of:


  • A loss of existing customers, either temporarily while systems are being restored, or permanently
  • Existing orders / sales that are cancelled, especially in cases where delivery deadlines cannot be met
  • Loss of potential / walk-in / new customers
  • Cancelled contracts or projects
  • Discounts provided to customers to compensate them for delays

The existence and amount of the lost sales can be determined using different types of analysis such as:


  • Sales earned before and after the cyber attack can be compared, based on time period (e.g. annually / monthly), customer (if specific customers have been lost), or other factors.
  • Cancelled customer contracts can be reviewed to calculate the revenues that were expected to be earned.
  • Cancelled orders can be compiled and their sales value calculated.
  • Discounts offered to customers can be recorded in a separate account for easy tracking.

Increased Expenses


Businesses who have been victims of cyber attacks will sometimes incur additional expenses as systems are being restored.  Common examples include:


  • Employee overtime, if staff must perform tasks manually or catch up on delays
  • To avoid losing orders, some businesses may transfer work to a subcontractor despite the higher cost.
  • When tasks are performed manually, without the use of technology, they can often take longer, resulting in higher than normal labour costs.  For example, an employee who normally completes a task in 1 hour using a computer may need 4 hours to complete it manually.  The additional 3 hours of labour is an increased expense.
  • Other expenses such as meals and taxi fare for employees working overtime.

Selecting the Type of Business Interruption Coverage


As mentioned earlier, business interruption losses can be measured as the: (1) loss of net income only; or, (2) loss of net income plus all continuing costs.  The right coverage for you depends on your specific business.


For example, two companies, ABC Inc. and XYZ Ltd. both suffer a cyber attack.  Their losses and costs are as follows:


ABC Inc.

XYZ Ltd.

Lost net income - $100,000

Continuing payroll costs - $250,000

Other continuing costs - $50,000

Lost net income - $100,000

Continuing payroll costs - $10,000

Other continuing costs - $15,000


If both businesses had a policy that covered the loss of net income only, ABC and XYZ would each recover $100,000.


If their policies included coverage for continuing costs, their recovery would be:



ABC Inc.

XYZ Ltd.

Loss of net income — $100,000

Continuing payroll — $250,000

Other continuing costs — $50,000


Total — $400,000

Loss of net income — $100,000

Continuing payroll — $10,000

Other continuing costs — $15,000


Total — $125,000


ABC recovers more under their policy because its costs remained high despite earning less revenue.  Its expenses are mostly fixed and do not decrease when the business’ revenues decline.  For this reason, having continuing cost coverage would be useful.


By contrast, XYZ’s continuing costs are low because they are variable, meaning that they decrease when less revenue is earned.  In this case, XYZ may not need coverage for continuing expenses.


Purchasing the Right Amount of Coverage


While there is no mathematical formula that can be used to calculate the appropriate amount of coverage, an insurance broker can be an invaluable resource.  Brokers with experience in cyber insurance claims can guide you and identify factors to consider in determining the amount of coverage you need.


Insurance companies have started tracking and publishing data on cyber insurance claims online.  Information is collected on victim organizations, such as geographic location, industry, and annual revenues, and the type and amount of losses that have been claimed.  Businesses can use this data to research the losses claimed by comparable organizations and apply this knowledge to determining their own coverage needs.


Contact us to learn more.   647-426-0146  |

Communications are intended for informational purposes only and do not constitute legal advice or an opinion on any issue. For permission to republish this content, please contact Rehana Moosa Forensic Accounting Professional Corporation.

Back to Knowledge

Related Knowledge

The Case of the Lucky Lottery Ticket

Most people have dreamed about what they would do if they won the lottery. Despite knowing the odds…read more

Why Fraud Prevention Is Important

We have all heard the saying, “An ounce of prevention is worth a pound of cure”. This holds true for…read more

Fidelity / Crime Insurance - Discovery vs. Loss Sustained Coverage

Businesses change insurers for a variety of reasons, from lower insurance premiums to better coverage…read more

#Gotcha – Experts and Social Media

Facebook. Instagram. LinkedIn. Twitter. Social media has become ingrained in our daily lives, allowing…read more

Are Fraud Losses Tax Deductible?

As the old saying goes, “There are only two certainties in life – death and taxes.” While we often discuss…read more


The RMFA Difference

Regardless of background or level of knowledge, all our clients are treated with professionalism and respect. All files, regardless of size or complexity, are treated as a top priority. That’s our promise.