Business Interruption (Cyber)
First-party cyber coverage for lost income and extra expenses when a cyberattack disrupts the insured's business operations.
What It Is
Cyber business interruption coverage reimburses the insured for lost net income and extra expenses incurred when a covered cyber event disrupts normal business operations. This is analogous to traditional property business interruption coverage but is triggered by network outages, system compromises, or other cyber events rather than physical damage.
Key policy terms that brokers must understand include the waiting period (typically 8-24 hours from the onset of the disruption before coverage attaches), the period of restoration (the maximum time the policy will pay BI losses, often 120-180 days), and the method of calculating lost income (which varies between actual loss sustained and projected income approaches). Extra expense coverage pays for costs to maintain operations during the outage, such as temporary manual processes, overtime labor, or cloud service migration.
Some cyber policies distinguish between business interruption caused by a security breach (covered under all policies) and business interruption caused by system failure without a breach (covered only if system failure coverage is included). This distinction is critical because many operational outages result from system failures, software bugs, or IT errors rather than malicious attacks.
Why It Matters for Brokers
For many commercial clients, the business interruption loss from a cyber event far exceeds the direct incident response costs. A manufacturing client shut down for two weeks can lose more revenue than the total cost of forensics, notification, and legal expenses combined. Brokers must carefully evaluate waiting periods, restoration periods, and coverage triggers to ensure the BI coverage matches the client's actual downtime exposure.
Real-World Example
A distribution company's warehouse management system is taken offline by a ransomware attack, halting all order fulfillment for 11 days. The cyber policy's BI coverage has a 12-hour waiting period and a 180-day restoration period. Lost net income during the outage is calculated at $42,000 per day, totaling $462,000 for 11 days less 12 hours. Extra expenses for manual order processing and expedited shipping to catch up on backlog add $128,000. Total BI claim: $590,000 against a $1M BI sublimit.
Common Mistakes
- 1Not reviewing the waiting period, which at 24 hours can eliminate coverage for shorter but still costly outages.
- 2Failing to confirm whether the policy covers system failure BI in addition to security breach BI, leaving non-malicious outages uninsured.
- 3Ignoring the BI sublimit when the client's daily revenue suggests potential losses well above the sublimit for extended outages.
How brokerageaudit.com Handles This
brokerageaudit.com's Policy Checker extracts BI waiting periods, restoration periods, and sublimits from cyber policies and compares them against the client's reported daily revenue. The system calculates maximum recoverable BI loss and flags when the sublimit is insufficient for a projected outage duration based on the client's industry benchmarks.