Covering Business Interruptions from System Failures, Cyber Attacks

As businesses become more connected and rely on their networks, websites and outside cloud services to conduct their operations, failure on any of these fronts poses a serious risk.
Your networks, websites and cloud services can all go down for various reasons like system crashes, hardware or electrical failures, or hacking and cyber attacks. Any of these can disrupt or completely freeze your operations, depending on how much your organization has gone digital.
With these risks growing, you need to have plans in place for keeping your operations humming along should you encounter an incident.
This is important because every minute your site or network is down is another minute you could be making money.
Finally, you should consider cyber insurance, which can cover the business interruption costs from system failures, cyber attacks and cloud service failures.

How cyber attacks happen
Cyber criminals are increasingly focused on gaining access to a company’s network through weaknesses in the system. They do this through hacking or sending bogus e-mails urging recipients to click on a link (and surprisingly many do).
As cyber crime evolves, so have the methods of attack and there are many ways criminals launch attacks that can freeze your operations:
• Malicious code that renders your website unusable.
• Distributed denial of service (DDoS) attacks that make your website inaccessible to both employees and customers.
• Viruses, worms or other code that deletes critical information on a business’s hard drives and other hardware.

If any of these occur, your operations could be disrupted or completely shut down, leaving you scrambling. And if you run a small organization without a dedicated IT staff, the effects can multiply for you.

Defenses you can implement
You can reduce your chances of business interruption due to a cyber attack and network failure by following these tips:
• Create a formal, documented risk management plan that encompasses all of your systems, including each of their weaknesses, the data they store and processes. This plan should also rank each system’s importance to your organization, so you know where to focus your resources.
• Make sure all firewalls and routers are secure and kept up to date to help defend against a cyber attack.
• Implement a cyber security policy that educates employees about the damage a cyber attack can cause and teaches them how to identify malicious e-mails and links. Your policy should also include rules for personal mobile devices and for accessing personal e-mail and social media accounts from work computers.
• Install software updates for your operating systems and applications when they become available.
• Implement a strict password policy and have employees change passwords every 90 days.
• Limit employee access to company data and information, and limit authority to install software to just a few key employees.
• Make sure you are covered by a cyber liability insurance policy.

Covering a business interruption
Insurance coverage will depend on the reason for a disruption to your operations due to a failure of your network, website or cloud service.
If a network goes down because of a fire, for example, rendering the servers inoperable, your property insurance would cover the costs of replacing the servers and a standard business interruption policy would cover lost revenues.
However, if an outage is purely a network issue or due to a cyber attack, then a good cyber insurance program would likely come into play.
Most cyber policies provide an option for covering the costs of business interruption from a network security failure. That includes incidents like DDoS attacks or hackers accessing your network and deleting critical files, or adding malicious code that causes the system to fail.
Some cyber insurance policies will also cover a system failure, such as an “unintentional or unplanned outage” on your network.
Coverage would kick in if the failure was the result of human or system error, or both. For example, this could include an instance of you installing a new inventory management system and it unexpectedly causes your network or website to crash.
Unfortunately, very few insurers offer this coverage extension now, but as more organizations become more reliant on technology, more products will enter the marketplace.

Cloud risk
But what if a cloud service that hosts all of your important data fails? You could be left holding the bag because most outside vendors often contractually limit their liability for outages.
Under a typical business interruption scenario, if your business is disrupted as a result of a vendor or supplier going down, a contingent business interruption policy would cover it. But, few such policies will cover a cloud failure.
That said, some cyber policies offer this coverage. So, if a cloud failure would be catastrophic to your operations, talk to us about this option.