What Does Cyber Insurance Cover?
By Rehana Moosa
With the significant increase in the number of cyber attacks over recent years, cyber insurance has become a must-have for many businesses. As recent history has demonstrated, no business, regardless of size or industry, is completely immune to the risk of a cyber attack.
Since cyber insurance is a relatively new insurance product, there is still variability with respect to policies offered by different insurers. However, generally speaking, the types of losses that are covered by cyber insurance policies are fairly consistent.
In this blog post, we explore the types of losses that are covered under first-party cyber insurance coverage.
Business Interruption Losses
A cyber attack can cause a business interruption loss, depending on the length of time a business needs to restore its systems and data, and resume operations.
A business interruption loss can be caused by:
- A loss of existing customers
- A loss of potential customers, such as walk-in customers or referrals
- The loss or cancellation of a contract
- Lost sales orders
- Discounts offered to customers as compensation for delays in completing or delivering orders
- Cancelled projects
- The inability of the insured to submit bids / quotes for potential projects
Most cyber policies measure business interruption losses based on the net income that was lost as a result of the cyber attack (i.e. revenues less all expenses). Some policies also cover operating expenses, including payroll, that the insured continued to pay while it was in the process of restoring its systems.
Contingent Business Interruption Losses
A contingent business interruption loss can occur in cases where an insured uses a third party to provide services such as data hosting, data backup / storage, or cloud computing, and the service provider suffers a cyber attack. As a result, the insured experiences a business interruption loss when their operations are impacted, even though they were not the direct target of the cyber attack.
Some cyber insurance policies will specify the types of third-party service providers that are included under this coverage, while other policies offer more generic wording.
Cyber insurance policies include coverage for extra expenses, which are additional costs incurred as a result of the cyber attack. Common examples include:
- Employee overtime
- Meals for employees who are working overtime
- Costs to hire subcontractors to complete projects / orders that the insured is unable to complete
- Labour inefficiencies, in cases where certain tasks must be completed manually instead of electronically
Cyber policies generally require that two criteria be met for a cost to be covered as an extra expense:
- The costs must exceed the insured’s normal operating expenses. For example, if an employee typically works $500 worth of overtime each year, this would be considered a normal operating expense. If the insured suffers a cyber attack, any employee overtime worked as a result of the attack in excess of $500 per year would be considered an extra expense.
- The costs must have been incurred to mitigate the business interruption loss. In other words, the insured must demonstrate that the extra expenses reduced or avoided a loss of income.
Incident Response Costs
Following a cyber attack, insurance companies can provide access to a panel of experts who can assist businesses in recovery and remediation efforts. These experts are pre-vetted by the insurers and specialize in various areas such as law, computer forensics, forensic accounting, and public relations.
Cyber insurance policies include coverage for costs incurred when members of the panel are retained by the insured. Insureds may be under no obligation to use the insurance company’s panel, but some policies reduce the amount of the coverage for incident response costs should the insured choose to use a service provider that is not part of the panel.
Cyber policies generally cover ransom payments, should the insured choose to pay one. Ransom payments can be negotiated by legal counsel or computer forensic experts who have intel on certain threat actor groups and the best approaches to use to potentially reduce the ransom payment.
Communications are intended for informational purposes only and do not constitute legal advice or an opinion on any issue. For permission to republish this content, please contact Rehana Moosa Forensic Accounting Professional Corporation.