Understanding the limitations of business interruption insurance
The Monday morning nightmare you’ve only read about has arrived. Your business was targeted over the weekend in a ransomware attack or suffered some other form of cyberbreach. Your files are locked down subject to a ransom payment, or a hacker has invaded your network and caused damage and disarray for no apparent reason.
If you had opted to include cyber-event coverage as part of your business interruption (BI) / property and liability policy at the time of your last renewal or purchased a standalone cyber insurance policy, you may be feeling confident that any harm caused by the disruption will be covered. This harm is typically in the form of physical damage to systems that must be repaired, as well as the income losses incurred while repairs are performed.
BI coverage and, in this instance, cyber-event coverage, is intended to compensate a business for its loss of income and continuing expenses over the time the business’ systems are being restored. It can come as a surprise to the insured party when the amounts paid do not come close to making up for the losses.
As these incidents are on the rise, it’s becoming clear that your business partners, vendors and customers may not be ready to resume their prior working relationship with you immediately after you announce you’re up and running following an attack.
Similarly, an organization that has been the victim of a cyberattack may prudently decide to upgrade its security protocols beyond the level that previously existed (and that did not thwart the attack).
Understand the limitations
A major limitation of many cyber coverage policies is that claim periods typically are restricted to the timeframes required to restore an organization’s systems and security protocols to where they were before the attack and not more — even if an upgrade is warranted or advisable.
Similarly, your partners may only feel comfortable resuming their relationships with you when you provide assurances about an upgrade in your security measures.
Depending on the policy language and limitations, the cost of such delays or time requirements may be coming out of your company’s pocket.
It’s not unusual for insured parties to be unfamiliar or to misunderstand exactly what is covered in their BI policy. Sometimes even the broker who sold you the policy may not fully understand or properly convey the plan details that pertain to your policy.
Here are some tips to keep in mind about BI policies that may help you avoid problems should you need to file a claim:
- Know the specifics of your coverage: Be sure you understand what is and what is not covered under your plan. Don’t generalize or make assumptions about your coverage.
- Delays may not be fully compensable: Most cyber-event coverage is only intended to cover the period of time it takes to restore your systems to the level they were before the disruption occurred.
- Avoid threatening lawsuits: It may feel as if the insurer is not negotiating fairly with you.However, threatening a lawsuit against the insurer for denied claims is unlikely to be fruitful.
- Consider an extended BI policy: If you are facing strict restoration cutoff periods, extended BI coverage may help cover the time gap from when the repairs are completed until the full recovery of your business.
How Wipfli can help
Given the rising incidence of cyberattacks, organizations would be smart to look closely at the terms of the insurance coverage they have to help keep their business afloat while their systems are being restored or upgraded.
Wipfli professionals can assist you and your insurance broker in describing how your financial and operating information is likely to be used in the calculation of a claim. If you need to file a claim, we have deep experience in helping clients prepare claims in their pursuit of just compensation.
Contact us to learn more about our consulting services focused on reducing your risk of loss while maximizing recovery.
Sign up to receive additional business support services content in your inbox, or continue reading on:
