Cyber Risk and Business Interruption Coverage

On November 30, my partner Robin Fischer will be speaking at ACI’s Cyber & Data Risk Insurance conference in San Francisco at the Park Central Hotel.  The topic, Cyber Business Interruption, could not be more timely on the heels of the Dyn DDoS attack, which was the subject of my last post.  [For a primer on Cyber Business Interruption, you can refer to my Cyber 101 blog post here.]

Robin has a strong background in property & casualty insurance, and was an expert in property business interruption long before the cyber market started offering this extension of coverage. Robin’s experience is critical because this is still a very new area of coverage for the cyber insurance market, and few claims have been paid to date. This is likely due to a number of reasons:

1. Adoption of coverage is still relatively low. Even though most cyber insurers will now offer an extension of coverage for network business interruption (NBI), companies have been slow to add the component to their cyber program if there is a material additional cost.
2. Perception of risk has been low, but this may be changing. In 2016 there have been several high-profile cyber network outages, including a 20-hour outage at Salesforce, a 13-hour outage at Southwest Airlines, and the recent Dyn attack.  All involved companies with significant technology resources, which suggests that no one is immune to the risk of an outage.
3. Security Failure vs System Failure. Many of the cyber insurers will currently only cover NBI caused by a malicious attack (“security failure”), but some policies include a broader trigger that encompasses NBI caused by human error.  As more policies are written with the “system failure” trigger, more outages will qualify for coverage.
4. Long waiting periods. NBI coverage typically includes an 8-12 hour waiting period before coverage kicks in.  For many technology companies, an outage of this length sounds apocalyptic.  The good news is that there is a lot of capacity in the cyber insurance market right now, and we believe that competitive forces will help push those waiting periods down in 2017.

Consider joining Robin Fischer and a group of experts in their fields in San Francisco on November 30th to discuss fundamental cyber issues faced today. In addition to Robin's Business Interruption panel, this two-day event will cover topics like:

• Cyber Extortion
• The Interaction Between Cyber, Property and Crime
• PCI and Payment-Card Breaches
• Operational and Liability Factors in Growth Decisions
• Doing Business in Europe
• Cyber Liability Litigation and Class Actions
• Special Cyber Considerations for Tech and Early Stage Companies

If you’re interested, go register here.