“In order to be of more value to buyers, the cyber policy’s business interruption coverage may need to evolve in sophistication, becoming more like the business interruption coverage available for other perils,” Advisen concludes.
Many survey respondents find cyber business-interruption policies “too generic”, a result, Advisen suggests, of insurers adapting policies mainly aimed to protect data holders. “Current coverage offered by the market is OK for retailers or others that customers avoid after a breach,” the report quotes one respondent, “(i.e., I’m not shopping at Target), but doesn’t really work for companies like mine — real estate, leases in place, so no immediate revenue drop, but may not be able to secure new tenants due to breach.”
Among business-continuity cyber risks, the surveyed risk managers ranked as the top five:
With the RiskLens Platform, built on the FAIR model for quantifying cyber and operational risk, organizations make insurance purchase decisions informed by a clear picture of their top risks based on probable financial loss – in fact, the platform incorporates Advisen data to help risk analysts refine their estimates based on industry-wide data in addition to the organization’s own loss experience. This latest Advisen survey is a useful warning that the burden is on cyber insurance buyers to know their risks—and quantify before they buy.
Read the Advisen 2019 Information Security and Cyber Risk Management Survey.