• 13 April 2018

Aligning claims protocols for cyber business interruption (BI) and property damage policies will pay dividends in the event of a large claim.

In a connected world, ever more reliant on technology, business interruption is a top priority for organisations of all sizes. A recent survey by Allianz found that cyber incidents are now the most feared trigger for business interruption, which in itself is ranked as the greatest risk facing businesses today.

This stark finding follows a string of cyber incidents in the past two years that have resulted in costly disruption for the affected parties. Most notably, two global ransomware attacks in 2017 caused major disruption for a number of organisations, ranging from the UK’s National Health Service to the world’s largest shipping company (Maersk estimates the attacks cost it $300m from the increased cost of working and loss of business).

Large cyber business interruption losses have also been triggered by human and operational errors, as seen with serious IT system outages at a number of airlines, including British Airways and Southwest Airlines. Lloyd’s of London recently estimated that an outage at a major cloud provider could drive business interruption losses of almost $15bn in the US alone.

Evolving cover

Business interruption losses following a cyber incident can be covered under a number of different policies, offered in both the property market and the standalone cyber market.

Property policies typically cover business interruption following damage from an insured peril, although most policies restrict perils following a cyber incident to fire and explosion. Broader cyber business interruption cover is, however, available in the specialist cyber insurance market. Standalone cyber polices typically exclude property damage, but they can provide business interruption cover for a wide range of triggers, including system outages, cyber attacks or the unintentional actions of an employee.

Diverging claims processes

Adjusting a business interruption claim is complicated at the best of times, and given the emerging nature of cyber risk, it is easy to see why cyber related business interruption claims bring fresh challenges.

When it comes to making a business interruption claim, cyber insurance policies are likely to respond very differently to traditional property polices. This is because property damage business interruption and cyber business interruption have evolved independently, with different wordings and methods of calculating losses.

It is conceivable that a single cyber business interruption event could trigger both a property and cyber policy. Even where just one policy is triggered, different approaches to adjusting business interruption losses can lead to delays and frustration, especially when claims settlement values do not meet expectations.

Cyber business interruption policies are often open to interpretation and claims can be protracted, delayed by questions and legal discussions. In addition, IT teams are unlikely to have experience of adjusting a business interruption loss, while the expectations of the finance department will be based on the methods of calculating property damage business interruption losses.

Image of hands using a mobile phone

Miller's claims capabilities


Cyber and property damage policies will provide different coverage and triggers for business interruption losses, but they should be viewed with a common understanding when it comes to claims handling.

In many cases, the two types of cover can be drafted to perform in a similar way and meet common expectations. For example, there is a case for appointing the same forensic accountants and loss adjusters to calculate business interruption losses for both cyber and property damage claims. It is about having the right people, but also the same people where possible, as they will be familiar with the policyholder’s accounts and ways of working.

Agreed and aligned protocols and methods of calculating business interruption losses – whether cyber or property damage – will give increased contract certainty and clarity. It will also manage the expectations of senior managers and avoid nasty surprises when it comes to a claim.

Thinking ahead

We already see that cyber business interruption exposures are growing – Allianz says cyber business interruption claims are increasing, triggered by cyber attacks, but more frequently from technical faults and human error. As reliance on technology grows, we fully expect to see more and more cyber business interruption claims in the market in coming years.

At Miller, we are working with our clients to dovetail cyber and property business interruption policies, aligning wordings, claims settlement processes and third party experts. This will increase contract certainty and maximise the potential recoverability of losses under cyber business interruption policies.

Image of a man walking through an illuminated tunnel

Cyber risks