Business Interruption in a Cyber Policy

What is Business Interruption?

Business interruption (BI) covers loss of income after a disaster impacts a business.

For example, think of a fire at a restaurant. After the fire, the restaurant continues to have expenses such as rent and payroll to stay in business. However, the restaurant would be unable to generate revenue because the fire has impacted its operations. Without income, the restaurant may be unable to cover its expenses. Business interruption insurance would cover the loss of income, making it possible for the restaurant to continue to cover expenses until the restaurant reopens.

The purpose of business interruption insurance is to soften the blow of the losses incurred when a business cannot operate due to a covered loss.  Traditionally, BI requires physical damage, such as fire or a natural disaster, for the insurance coverage to kick in.

BI in a Cyber Insurance Policy

In a cyber insurance policy, business interruption coverage is intended to cover the income lost after a business is impacted by a privacy or security breach.

It aims to reimburse the business for the difference between the typical income of the business and the reduced generated income during the shutdown caused by a cyber event.

Business interruption insurance is not included in all cyber policies. 

Despite business interruption being a critical coverage in cyber insurance, the risk of system business interruption is often an afterthought.

In conventional property insurance, business interruption coverage is based on a breakdown of the insured’s planned operating expenses and fixed costs. In cyber insurance, insurers revert to a predetermined daily compensation rate to simplify the process.

If your policy does provide BI coverage, it is crucial to analyze what constitutes a BI loss and under which circumstances the policy would respond. Here are key aspects to consider:

  • Coverage limits

  • Insuring clause 

  • Definitions and exclusions

  • Waiting period & Recovery period

  • Retention or deductible

  • Contingent business interruption

BI: A First-Party Loss

In a Cyber Insurance policy, first-party coverages provide monetary assistance to soften the impact of cyber-attacks and data breaches experienced by a business. Business Interruption is an example of a first-party loss because it covers the loss the insured suffered from a cyber event.

Here’s an example:

A manufacturing facility uses computer systems to receive orders, process designs, and set machinery into production. A hacker executes a denial-of-service (DoS) attack that shuts down the facility. The manufacturer is entirely down and unable to generate any revenue for 3 weeks while the systems are restored.

Analyze your BI Coverage:

Is this a covered loss?

A denial of service attack may be considered a network security breach and covered event under the Business Interruption insuring clause.

If a denial of service attack is a covered cyber event, the insurer will reimburse the insured for the income lost and expenses incurred because of the breach, subject to the coverage limit and conditions.

Watch the Language

Watch out for the language in the insuring clause or insuring agreement. In the example above, we talked about a “denial of service attack” possibly being a covered event. What else constitutes a covered event? What about events like a “security failure,” a “system failure” or “human error”? We’re referring to a failure caused by a system upgrade or an employee who caused the system to crash by pressing the wrong key. Could these events trigger the BI coverage? Every policy is different, so the answer varies among policyholders.

Another important consideration of BI coverage is the magnitude of the interruption. Some policies require the business to be completely shut down before coverage kicks in. Other policies respond to a partial interruption or a slow down. Read the definition of Business interruption, loss, and any applicable exclusions to understand the extent of the coverage.

Waiting Period

Waiting period refers to the time that has to elapse before coverage begins: it is the number of hours that must pass for the coverage to be triggered. In the example above, the BI coverage would be afforded for the 3 weeks minus the waiting period.

Waiting periods range from a few hours to 24 or even 48 hours, and specifics are stated on the policy declarations. The waiting period starts when operations are impacted by the cyber event (i.e., the beginning of the business interruption), and coverage applies to the loss incurred after the waiting period.

The application of a dollar retention amount, in addition to the restoration period, is not standardized. Some policies use the waiting period as a stand-in for retention and do not require additional dollar retention. Other policies may apply a waiting period and a policy deductible or retention.

Restoration Period

Restoration Period refers to the period for which the income loss is covered.

In the example above, the manufacturer was down for 3 weeks. Now, imagine if the business’s reputation took a hit and sales were severely affected for over a year.  Some policies go as far as covering reputational damage. Regardless, any settlement would be capped by the restoration period. The restoration period may be any number of months, but you will most commonly see 3 months, 6 months or even a year. Typically, the restoration period may be negotiated for an additional premium.

Shortcomings of BI Coverage:

These are some of the concerns clients have with Business Interruption coverage in a Cyber policy:

  • Limits available may be too low – coverage would be exhausted before the insured’s operations are restored.

  • Business Interruption may be too narrowly defined – it’s essential to look at what is required in order to trigger BI coverage. Does the coverage require a complete shutdown of business operations, or is reputational damage enough?

  • Coverage triggers may be limited – the type of cyber events covered may be limited to attacks with malicious intent. Malicious intent isn’t always the root of business interruptions. Sometimes it’s the popularity of a business or a website that makes it susceptible to a slow down or complete shutdown. System updates or upgrades, system failure, or even human error may cause systems to shut down.

Contingent Business Interruption

Contingent Business Interruption (sometimes called Dependent Business Interruption) covers the insured’s loss of income due to an interruption in the service of a third-party service provider caused directly by the failure of that provider’s network.

One example is a loss in sales caused by the credit card processing company’s network being hacked.

Here’s a second example: Think of an online retailer whose website is hosted by an outsourced web hosting provider. Due to the provider’s outage, she wasn’t able to make any sales for an entire day. In this example, the retailer may be eligible for a claim under her cyber policy’s Contingent Business Interruption coverage.

Similar to BI, Contingent Business Interruption (CBI) may not always be included in your cyber policy. If coverage is there, be sure to understand which dependent or contingent businesses would apply. Also note that some policies restrict this coverage to technology service providers while other policies may include a broader range of service providers.

If you are a broker, be sure to understand the ins and outs of business interruption. This coverage is way too valuable to be an afterthought! We know that cyber insurance is fast evolving, and BI is a significant component of this evolution.
