As more businesses experience losses from cyberattacks, agents must become adept at assisting insureds in recovering lost income from these incidents.
Most insureds have no experience with cyber incidents, such as ransomware, distributed denial of service attacks (DDoS) or other types of system interruptions. Ransomware negotiations can drag on for days or weeks. And even after a ransom is paid, the system doesn’t come back with the flip of a switch. Decryption is often difficult and time-consuming. Even when it is complete, restoring data to systems that need extensive remediation beforehand can be a significant endeavor.
DDoS attacks are equally disruptive and can impede internet traffic to e-commerce sites for hours or days. These interruptions can often lead to a corresponding loss of net profit.
To claim these losses, the cyber policyholder must submit a proof of loss. This typically requires an insured to provide a notarized attestation of how a profit loss arose from the incident, along with a detailed listing of expenses incurred to remediate the loss. Importantly, to receive payment for a cyber business interruption loss, an insured must have experienced a triggering incident that starts with a system failure of a qualifying length of time. This length of time is referred to as a “waiting period.”
Navigating a cyber business interruption claim and filing a proof of loss for the first time can be intimidating, akin to sitting down at a blank canvas with a palette of paint for the first time and being asked to paint a masterpiece. However, there are ways to help with the claim.
If you want to paint a picture, you can buy a paint by numbers kit. Once you’ve filled in the spaces with the appropriate colors, you’ve produced something that should look like the picture on the box. Like a paint by numbers kit, identifying a process for filing a claim and collecting information before an incident happens will allow you to help an insured submit a cyber business interruption claim much more efficiently.
It sounds obvious, but policyholders and their insurance agents should start the claims process by reading the policy. Learn the terminology and any applicable deadlines or time limits. Agents may already be familiar with the business interruption process from handling property losses, but that is like comparing apples to oranges.
Agents and brokers must understand the concept of cyber business interruption to temper their customers’ expectations. For example, ongoing labor expenses are not typically covered by cyber policies. However, incremental labor costs, such as additional overtime incurred by IT staff to restore systems faster and make up lost production, are often covered.
Further, cyber business interruption loss is typically limited to net profits during a defined period, often called a restoration or indemnity period, and is not intended to be speculative in nature or in perpetuity.
Everyone should begin the process with the same set of expectations—and reading the policy and asking questions to qualified professionals, such as underwriters, claims representatives, brokers, agents or forensic accountants, is a good place to start. Even better, run through a mock cyber loss exercise before the real thing happens.
As soon as an incident occurs, the insured should set up a ledger to capture and isolate both the financial losses and resulting expenses in their accounting system. If an insured fails to do this from the beginning, these expenses can be submitted later in the process as part of the proof of loss, but setting up a separate ledger at the outset simplifies the process.
The cyber business interruption process is not only a paint by numbers activity; it is also a show and tell exercise. The carrier and any forensic accounting firm must understand all aspects of the cyber incident and how losses tie back to the incident and are not caused by other market conditions. Insureds need to back up their narrative with supporting documentation, such as financial statements and invoices for expenses.
Also, in the midst of reviewing a cyber business interruption claim, agents can inquire whether an interim payment of an undisputed amount can be quickly paid to an insured to assist with cash flow.
Finally, and maybe most importantly, more cyber carriers are offering sublimited coverage for proof of loss preparation costs. Essentially, an insured can retain a forensic accounting firm—with the carrier’s approval—and require the firm perform the heavy lifting by preparing the proof of loss and supporting documentation to submit a claim.
There are a multitude of resources for insurance professionals to brush up on current trends in cyber claims and coverages, including subscription services like Advisen and NetDiligence’s e-Risk Hub and ePlace Solutions; industry conferences sponsored by NetDiligence and PLUS; and free articles and blogs like Krebs on Security. Carriers are happy to answer questions, as are forensic accountants—Simon Oddy of Baker Tilly was consulted for this article. By investing time in these resources agents can help their customers with paint-by-numbers-like guidance so their proof of loss submissions look more like a Monet than a finger painting.
John Spiehs is vice president and cyber claims expert with Swiss Re Corporate Solutions and works out of the Kansas City office. Insurance products underwritten by Swiss Re Corporate Solutions America Insurance Corporation, Kansas City, Missouri, a member of Swiss Re Corporate Solutions.
This article is intended to be used for general informational purposes only and is not to be relied upon or used for any particular purpose. Swiss Re shall not be held responsible in any way for, and specifically disclaims any liability arising out of or in any way connected to, reliance on or use of any of the information contained or referenced in this article. The information contained or referenced in this article is not intended to constitute and should not be considered legal, accounting or professional advice, nor shall it serve as a substitute for the recipient obtaining such advice. The views expressed in this article do not necessarily represent the views of the Swiss Re Group (“Swiss Re”) and/or its subsidiaries and/or management and/or shareholders.
Copyright © 2023, Big I Advantage®, Inc. All rights reserved. No part of this material may be used or reproduced in any manner without the prior written permission from Big I Advantage®. For permission or further information, contact Agency E&O Risk Manager, 127 South Peyton Street, Alexandria, VA 22314 or email at info@iiaba.net.
