P&C

Business Interruption Goes Digital

Brokers have long worked to help ensure their clients are covered for unexpected physical supply chain interruptions. Now that risk extends into cyberspace.
Sponsored by Ryan Specialty Posted on December 2, 2024

“Brokers have been having this conversation for decades already but addressing business income interruption based on physical loss of the insured’s facility,” says Joshua Parrish, president, RT Specialty—La Jolla. “This is just a different peril than fire, but the conversation should be largely the same.” 

A cyber strike or an unintentional system failure at one company can have drastic consequences for the businesses it serves. This has been illustrated repeatedly in the last few years. An apparent 2021 ransomware attack on online payroll, benefits, and human resources provider PrismHR knocked out more than 200 of its client portals. More recently, Delta Air Lines was among the many victims of the July 2024 CrowdStrike outage of Microsoft operating systems—the airline was forced to cancel thousands of flights at an estimated cost of $500 million. 

Still, Parrish says, “I suspect that based on how small of a minority of businesses purchase cyber insurance, that companies may not appreciate the severity or likelihood of a cyber attack.” 

The risk is complex. While an insured might have stringent cybersecurity protocols in place, it can be difficult for small businesses to determine whether their vendors have taken corresponding steps, Ryan Specialty notes. An added challenge for insurers is identifying the scope of liability that might be created by a policyholder’s vendors, suppliers, and partners. 

“Business income loss is a (fairly) straightforward calculation of time X loss in income = payout. So, depending on the length of time and the amount of revenue that a company would normally generate absent of the downtime, it could get pretty expensive pretty quickly,” Parrish says, adding: “In our experience, there’s sufficient availability of quality coverage in this area. Regardless, policyholders can still benefit from knowledgeable resources in discussing potential exposures and coverage options.” 

A few questions commonly asked by underwriters during the underwriting process include: what are a company’s crucial vendors, extending beyond technology providers into areas such as billing and HR; for what period of time could the policyholder continue to operate while the vendor is offline; and what contracts have been enacted to offset those exposures? 

There are also a number of questions for brokers and their clients to consider in selecting a policy. Among these: how specifically does the policy cover contingent business interruption; does that coverage go beyond tech vendors; does the coverage encompass vendors that are not scheduled; does the policy cover both cyber attacks and unintentional system failures; is there a clear system for determining loss; and does the coverage include data restoration and additional costs? 

“A qualified cyber insurance practitioner can be a beneficial resource in the process of obtaining a cyber insurance policy,” Parrish says. 

More in P&C

Houses of Worship Face Extreme Weather
P&C Houses of Worship Face Extreme Weather
Insurer offers insights into the unique challenges of covering religious buildin...
P&C Examining Loss Estimates
Insurers and reinsurers are grappling with changing loss conditions that make in...
Risky Business
P&C Risky Business
RiskScan 2024 identifies what buyers and sellers in the insurance industry are w...
Sponsored By Munich Re