Context
The IUA has published a new report (which is available to download from this page) in which it states that cyber business interruption risks should receive the same level of attention as that given to information technology security controls and ransomware threats. Research conducted by the IUA in association with Baker Tilly analyses claims experiences from the last few years. The report is titled “Cyber Business Interruption: What has changed since 2018?”.
Key points to note and next actions
- Whilst understanding of cyber business interruption has come a long way, there is still work to be done to improve the claims experience for both insurers and policyholders.
- The cyber insurance market has handled a significant increase in business interruption claims in recent years, both in terms of volume and value.
- In 2024 alone the industry has seen the Change Healthcare, CDK and CrowdStrike events, highlighting the importance of cover for such risks and the threat of systemic risks. The report seeks to identify the challenges that arise when calculating cyber business interruption losses and how they can be addressed in future.
- Business interruption cover is a critical part of a cyber insurance policy and can be a significant part of any claim settlement.
- The report considers it critical to the cyber insurance market’s continued success to share these experiences, so that cyber interruption and the resulting financial exposures are better understood.
- The report considers current cyber BI policy wordings, the treatment of stock in BI losses, indemnity periods, payroll and system/data restoration costs, and enforced software upgrades.