Business Interruption Is The #1 Cyber Risk

Uploaded on 2025-02-17 in TECHNOLOGY--Resilience, FREE TO VIEW

Cyber security risk, including ransomware, data breaches and IT disruptions, remained the top business concern worldwide over the past year.

A recent Report published by the International Underwriting Association (IUA) underscores the need for cyber business interruption (BI) risks to receive the same level of attention as information technology security controls and ransomware threats.

The new IUA guide also aims to help insurers navigate money handling requirements in the European Union. Across the continent insurers face varying approaches to risk transfer and the distribution of insurance through agents, sub-agents, or brokers. Often, they have to agree to ‘cascaded’ risk transfer, making them responsible for funds held by parties further down the distribution chain.

The Report outlines the different requirements and approaches encountered in 15 key European markets. The publication states whether risk transfer is possible or, indeed, mandatory. It also describes how risk transfer can be cascaded and the general market practice for the protection of premium and claims funds held by a sub-agent.

The IUA’s Cyber Underwriting Group first published a Business Interruption Report in 2018 which provided an overview of the subject and the principles of how a loss would be calculated.

The 2025 Report, produced in collaboration with professional services firm Baker Tilly, examines cyber security and attack trends from recent years.

It notes that while understanding of cyber business interruption has progressed, further improvements are needed to enhance the claims process for both insurers and policyholders. Helen Dalziel Director of Public Policy at the IUA, said that the cyber insurance market has seen a notable increase in business interruption claims in terms of both frequency and financial impact.

In particular, she referenced a high-profile and costly incident involving CrowdStrike as an examples of the risks businesses face.

A separate report from Allianz identifies the major business risks for 2025, which finds that cyber incidents are the top global risk for 2025 and by a higher margin than ever before, 7% points ahead of business interruption in #2. “It is the fourth year in a row that cyber is ranked #1 after first ranking top in 2020. Ten years ago, it ranked only #8 globally with just 12% of responses." Allianz conclude.

In comment, the principal at leading law firm Baker Tilly, Ben Hobby, emphasised the importance of business interruption cover as a key component of cyber insurance policies and its role in claim settlements.

“Business interruption cover is a critical part of a cyber insurance policy and can be a significant part of any claim settlement. We therefore consider it critical to the cyber insurance market’s continued success to share these experiences so that cyber business interruption and the resulting financial exposures are better understood.”

Hobby says that sharing insights gained from handling cyber claims is crucial to improving understanding of financial exposures related to cyber business interruption.

At government level, a recent Report from the UK National Audit Office, an independent parliamentary agencyy, highlighted concerns about cyber security practices across Britain’s central government, where outdated computer systems are at risk of failing to meet their own cyber security targets, increasing the risk of a disruptive incident.

Image: Ideogram

You Might Also Read:

Cyber Insurance: The Cost Of Doing Business:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.