Monday, August 08, 2016
In the fifth of our Cyber Insights, Justin Clarke, Director of Underwriting and Pricing at NIG, takes a closer look at Business Interruption (BI), and discovers that not all BI cover is created equally – especially following a cyber incident.
In June 2015, the Department for Business, Skills and Innovation (BIS) published a report on the disruption caused by cyber security incidents. It found that a data breach, theft, or unauthorised disclosure of confidential data were all highly likely to cause serious business disruption.
The soaring cost of breaches
While the ‘serious business disruption’ in itself was no great surprise, the likelihood of a breach and the costs in time and money (including loss in income and profit) were. Actually, the figures quoted were quite astonishing. Here are the highlights:
With figures as eye-wateringly high as these, it’s no wonder most SMEs underestimate the financial impact a cyber incident can have on their business. In fact, many are under the mistaken belief that their commercial combined policy (which would likely include a business interruption section) would cover them following a cyber incident.
This is usually not the case. And here’s why: typically, BI policies limit cover to loss or damage to tangible, physical property – and loss of revenue – resulting from an insured physical peril. Think fire or flood, for example. In other words, BI cover always follows on from what is covered in a policy’s Material Damage (MD) section. This means if cyber cover is not included in the MD section, the BI section will not include cyber either.
As such, in today’s digital economy where even the smallest of companies rely heavily on IT to do business, a data breach, or a virus that corrupts data or renders systems unusable – or any cyber incident affecting third parties – can lead to a significant loss of income or profit. Being unable to process orders, create invoices, pay suppliers, send or receive emails or service clients, would effectively render almost every business inoperable. Furthermore, in the ensuing fall-out, customers are likely to go elsewhere.
Key questions to ask
When it comes to establishing the need for business interruption cover with cyber insurance, it’s worth asking the following:
As we’ve noted in previous articles, the frequency and effectiveness of cyber attacks are increasing. As we’ve already seen in the 2015 BIS report, 74% of small businesses have experienced a security breach. This is up from 60% in 2014.
The Association of British Insurers’ own survey also found a staggering 75% of SMEs have suffered a security breach in the last 15 months. These figures suggest it’s more a case of ‘when’, not ‘if’.
So it makes more sense than ever for businesses to check their current BI cover to see if it includes cyber insurance. And if not, take out a specialised cyber insurance policy, to ensure that BI following a cyber incident (whether a crime, attack, or accidental data breach) is covered.
*2015 INFORMATION SECURITY BREACHES SURVEY