10 ADJUSTINGTODAY.COM Cyber Exposure Business interruption insurance typically applies only to circumstances where there has been physical damage by an insured peril at some location. Regarding an interruption of commerce carried out online through “cyber” means, business interruption coverage would typically respond only in cases where computer hardware was physically damaged by a covered peril and there was a delay in repairing or replacing caused by a covered peril. In any event, there would likely be no coverage under a standard business interruption policy for a suspension of operations or delay in resuming them caused by a typical “cyber” peril — such as hacking or the imposition of paralyzing “ransomware.” As a practical matter, insurers are seeking to separate coverage for cyber perils — typically willful acts of malicious individuals — from the coverage provided in commercial property policies and their business interruption coverage parts. It’s not uncommon in this high-tech world for an enterprise to hold very little in physical assets but to have enormous asset values in intangible data and intellectual property. Effective coverage of those exposures requires a separate cyber insurance policy with its own provisions for business interruption. The problem here is that some cyber policies, while starting to restrict coverage for certain cyber perils, also exclude coverage for losses caused by physical damage, the presumption being that such losses are the purview of the property policy. Civil authority provisions were developed with physical catastrophes in mind. A business can be shut down indefinitely even if it suffers little or no damage itself if there is damage elsewhere during an event that causes police, firefighters or other authorities to close off access. Agents, brokers and their clients need to be alert to some recent changes in the application of the civil authority provision of business interruption coverage. Prior to 2008 ISO’s standard business civil authority provision provided coverage regardless of where the damage occurred that led to the civil order. In the absence of a geographic limit there were huge and widespread business income losses from the September 11, 2001 attacks on the World Trade Center, which paralyzed parts of lower Manhattan for weeks, affecting many businesses in the area and beyond. In 2008 ISO modified its civil authority income and extra expense coverage to apply only if the damage prompting the order occurred up to one mile from the premises described in the policy declarations. Endorsements are available to amend that condition, as well as the time element deductible for civil authority coverage. Nothing should be assumed or overlooked regarding business interruption coverage, a disaster exposure that is at least as common as direct physical damage. WHAT TO WATCH FOR Is a separate cyber policy in place to cover income loss by “cyber perils?” Does it exclude coverage for losses arising from physical damage?
RkJQdWJsaXNoZXIy NjIxNjMz