Three years have passed since I participated in a panel on cyber security trends at the 2016 annual meeting of the Loss Executives Association (LEA). Since 2016 I have continued to see an evolution in the treatment of cyber business income in insurance policies. Here are some highlights of the changes that have occurred since the LEA panel:
1. Policy limits on cyber business income have increased significantly.
2. A higher percentage of corporations have coverage for cyber business income losses and as a result the overall scale of covered business income losses is greater.
3. Insureds, in general, are not preparing sophisticated loss of income claims. Third-party professional claims preparers are not being retained at the same frequency as they are on property losses.
4. Historically, the periods of indemnity on cyber losses are measured in hours or days, not months. As a result, much of the loss of income is recovered in a policy’s extended period of indemnity.
5. Extended period coverages are generally 30 or 60 days, resulting in material uninsured losses for some cyber policyholders.
6. The customers of insured businesses generally are less sympathetic (based on retention of customers after an incident) about a cyber “breach” than they are about a fire or natural catastrophe.
Please note that the above comments are general in nature and do not represent my experience on all cyber losses relating to cyber fraud. If you have questions about the treatment or calculation of cyber business income losses, please get in touch with me.
972-980-5060 • firstname.lastname@example.org