
When organizations face large-scale disasters or other unexpected losses, ensuring business continuity is often a top priority. Yet, various losses may make it challenging for organizations to avoid operational disruptions or temporary shutdowns. In these instances, even brief closures can carry costly consequences. Fortunately, that’s where business interruption (BI) insurance can help. BI insurance can offer much-needed financial protection when an organization’s usual business activities are interrupted due to covered losses. This type of coverage is typically available through a few different commercial insurance policies. Traditional BI coverage can be purchased as a supplement to commercial property insurance or a business owner’s policy (BOP), whereas an alternative form of BI coverage can be obtained via a cyber insurance policy.
There are several differences between traditional Business Interruption coverage and BI coverage that is part of a cyber policy, including when each applies and what losses they may cover. As such, organizations should be aware of these differences to better understand their overall coverage capabilities. The following article provides more details on traditional BI and cyber BI insurance and provides a general comparison as to the different types of coverage that may be offered under these policies.
Traditional BI insurance is typically added onto a commercial property insurance policy or comprehensive insurance package, such as a BOP. This coverage generally includes financial protection for the various expenses that can arise if an organization is forced to pause its operations or temporarily close its doors due to a covered loss. Such a policy may contain terms and conditions that would reimburse an insured for the following operating costs:
Examples of covered losses under traditional BI insurance include a range of perils, such as fire, theft, vandalism, and certain natural disasters such as hurricanes and tornadoes. For instance, if a fire destroys the kitchen in a restaurant, traditional BI coverage may help reimburse the business for lost income and employees’ wages while it temporarily closes for repairs. With traditional BI policies, some insurers may also offer contingent business interruption (CBI) coverage, which provides financial protection for operational disruptions caused by covered losses among suppliers and business partners. Some insurers may also provide civil authority coverage, which can help compensate expenses stemming from government-mandated business closures (e.g., a citywide curfew, local evacuation order or temporary road closure).
As background, a cyber insurance policy is traditionally designed to assist an organization respond to a cyberattack, data security incident, or breach to the confidentiality, integrity, or availability of information within the organization’s custody or control. These policies primarily focus on assisting organizations remediate the incident and return to their pre-incident IT environment status, and complying with their data breach notification obligations.
As its name suggests, cyber BI coverage is solely available through the purchase of a standalone cyber insurance policy. This relatively newer coverage offering has become increasingly common as organizations expand their digital operations and invest in various technological advancements, thus raising their associated cyber exposure and leaving them more susceptible to disruptive attacks. Not all insurers include BI coverage in their cyber policies so organizations should carefully review their policies for this offering rather than assume they have this coverage. Cyber BI insurance usually provides financial protection for costs stemming from an organization experiencing technology failures (e.g., system shutdowns or network outages) and related operational disruptions due to a covered loss. Such a policy may help reimburse many of the same operating costs as traditional BI coverage, including lost income, employees’ wages and extra expenses.
Examples of covered losses under cyber BI coverage include a variety of security and privacy events, such as data breaches, social engineering scams and ransomware attacks. For instance, if an online retailer’s website gets temporarily shut down due to a ransomware attack, cyber BI coverage may help compensate the business for lost profits incurred while the website is offline. With cyber BI coverage, some insurers may also provide financial protection for digital disruptions caused by human errors (e.g., an employee accidentally downloading a harmful computer virus) or malfunctioning software (e.g., an organization’s network unexpectedly freezing during a routine system upgrade). Further, some insurers may offer cyber CBI coverage, which can help reimburse expenses arising from third-party cyber events that result in software provider shutdowns or cloud vendor outages.
Despite some similarities, traditional BI and cyber BI policies are not the same. Here’s a coverage comparison to highlight the main differences between these coverage offerings:
While there are a number of differences between traditional BI and cyber BI policies, both forms of coverage can prove invaluable and offer significant financial protection to organizations facing operational disruptions. Organizations can consult trusted insurance professionals to learn more about these coverage offerings and discuss their specific BI insurance needs. Contact us today for further insurance solutions.
This article is published on the PLUS Blog at plusweb.org.
Authors: John Butler, E-Risk Services and Steve Stransky-Partner, Thompson Hine LLP