Magazine article Risk Management

Securing Coverage for Cyberattacks

Magazine article Risk Management

Securing Coverage for Cyberattacks

Article excerpt

Recent high-profile cyberattacks have demonstrated that hackers do not always intend to steal. Instead, many hacks are designed to disrupt normal business operations and damage computer systems or even brick-and-mortar property.

The reasons for this trend are varied. Some cybercriminals target computer systems to further espionage, extortion, political or "moral" causes. Some of these hacks are merely incidental to technological trends in the internet of things arena that have increased connectivity of a wide range of products and systems. In this new environment, then, risk managers need to closely consider their first-party coverage for losses of business income and damage to reputation.

Companies are vulnerable to a variety of potential cyber events that can trigger coverage. Ransomware can hold entire networks hostage until the targeted policyholder pays the extortion fee. Hidden malware in apps for smart devices can result in data breaches. Indeed, there seems to be an almost unlimited set of tools that hackers can use to steal, impair or destroy information in the cyber world that can result in physical damage and tangible economic impact to a company in both the short- and long-term.

While certain aspects of damages can be straightforward, such as ransom demands or credit-monitoring expenses, first-party policy language, including cyber policy language, can make it challenging to quantify loss of income as a result of a cyberattack. How much does an online retailer lose if its website is taken down on Cyber Monday? Will the insurance company argue that there were make-up sales if the policyholder was able to come back online in a day? What if the impact lasts a week? Is there brand loyalty such that a customer might shop at a physical location instead? Is there longterm reputational harm to the brand? The claim process involving the answers to these questions may not be easy.


Cyber events can cause physical damage to property as well. Machines used in modern manufacturing are often controlled by computer equipment that may be susceptible to cyberattacks. Refineries and chemical manufacturers manage high temperature and high pressure vessels using computers. If a cyberattack does occur, valuation issues will be similar to those common with traditional first-party property claims. The initial period of interruption is tied to the period that it takes to repair the property. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.