Cyber insurance serves as an effective safeguard against a cyber attack by providing time-critical resources and indemnifying your firm for losses. While it’s essential to cover the direct costs associated with a data breach or wire fraud attack, for example, it’s also important to consider the indirect losses stemming from such attacks, including business interruption and reputational damage. Cyber insurance provides coverage on an à la carte basis where coverage for these indirect losses may be overlooked. We’ve outlined a few of the most common pitfalls we see when reviewing cyber policies for financial firms and how these firms can avoid them:
Insufficient “Business Interruption” cyber coverage: many businesses underestimate the financial impact a cyber event would have on their system until it is too late. “Business Interruption” on a cyber policy indemnifies an organization for their loss of income caused by an attack that shuts down their network, renders their hardware or software inoperable, or corrupts their data. It can also cover the extra expenses incurred to restore their operations, such as overtime pay for employees, extra travel expenses, and costs to expedite supplies or services to meet customer demand.
Determining the appropriate amount of Business Interruption coverage needed requires a calculation of the potential loss of revenue and extra expenses. You should work with your cyber security provider to estimate the time and effort required to fully restore your operations. Additional time and expenses should be factored into this estimate to account for unforeseen disruptions and delays.
Business interruption caused by a cyber attack on a service provider: businesses are more dependent on their service providers than ever before due to the outsourcing of technology and business processes. A cyber attack that causes a shutdown of a key provider’s operations could have a major impact on your firm’s operations and finances.
“Business Interruption” coverage, as mentioned above, will not indemnify a firm for their loss of income caused by a cyber attack on their service provider. Cyber insurance would only respond in this situation if “Dependent Business Interruption” (sometimes called “Contingent Business Income”) is included in their policy.
Reputational Harm: cyber attacks often go underreported and for good reason: the reputational damage suffered by financial firm after an attack can be substantial. In many cases the financial loss from reputational damage is greater than the direct costs associated with the cyber attack itself. However, not all cyber policies include coverage for reputational harm.
“Reputational Harm” coverage indemnifies your business for the loss of profit or net loss resulting from a harmful publication concerning a cyber attack on your firm. In addition, “Breach Response” coverage can pay for a public relations consultant as well as a media campaign to mitigate the harm from a publication and help rehabilitate your reputation.
The day your firm is reeling from a cyber attack is not the time you want to discover your cyber policy has a gap in coverage! These pitfalls can often be avoided by working with an experienced broker who understands your organization’s needs and has access to the appropriate cyber coverage for your business.
**********
Mathew J. Kryder is an Insurance Advisor at Petschauer Insurance, a division of Patriot Growth Insurance Services. Connect with him on LinkedIn here.
Petschauer Insurance is an independent insurance brokerage with over 60 years’ experience. We specialize in reducing the financial exposures asset managers face and seek to establish a firm relationship of mutual trust and superior service. Representing the country’s leading insurance companies, we access competitive products to help our clients preserve their profitability.