Business Interruption Is The #1 Cyber Risk

Uploaded on 2025-02-17 in TECHNOLOGY--Resilience, FREE TO VIEW

Cyber security risk, including ransomware, data breaches and IT disruptions, remained the top business concern worldwide over the past year.

A recent Report published by the International Underwriting Association (IUA) underscores the need for cyber business interruption (BI) risks to receive the same level of attention as information technology security controls and ransomware threats.

The new IUA guide also aims to help insurers navigate money handling requirements in the European Union. Across the continent insurers face varying approaches to risk transfer and the distribution of insurance through agents, sub-agents, or brokers. Often, they have to agree to ‘cascaded’ risk transfer, making them responsible for funds held by parties further down the distribution chain.

The Report outlines the different requirements and approaches encountered in 15 key European markets. The publication states whether risk transfer is possible or, indeed, mandatory. It also describes how risk transfer can be cascaded and the general market practice for the protection of premium and claims funds held by a sub-agent.

The IUA’s Cyber Underwriting Group first published a Business Interruption Report in 2018 which provided an overview of the subject and the principles of how a loss would be calculated.

The 2025 Report, produced in collaboration with professional services firm Baker Tilly, examines cyber security and attack trends from recent years.

It notes that while understanding of cyber business interruption has progressed, further improvements are needed to enhance the claims process for both insurers and policyholders. Helen Dalziel Director of Public Policy at the IUA, said that the cyber insurance market has seen a notable increase in business interruption claims in terms of both frequency and financial impact.

In particular, she referenced a high-profile and costly incident involving CrowdStrike as an examples of the risks businesses face.

A separate report from Allianz identifies the major business risks for 2025, which finds that cyber incidents are the top global risk for 2025 and by a higher margin than ever before, 7% points ahead of business interruption in #2. “It is the fourth year in a row that cyber is ranked #1 after first ranking top in 2020. Ten years ago, it ranked only #8 globally with just 12% of responses." Allianz conclude.

In comment, the principal at leading law firm Baker Tilly, Ben Hobby, emphasised the importance of business interruption cover as a key component of cyber insurance policies and its role in claim settlements.

 “Business interruption cover is a critical part of a cyber insurance policy and can be a significant part of any claim settlement. We therefore consider it critical to the cyber insurance market’s continued success to share these experiences so that cyber business interruption and the resulting financial exposures are better understood.” 

Hobby says that sharing insights gained from handling cyber claims is crucial to improving understanding of financial exposures related to cyber business interruption.

At government level, a recent  Report from the UK National Audit Office, an independent parliamentary agencyy, highlighted concerns about  cyber security practices across Britain’s central government, where outdated computer systems are at risk of failing to meet their own cyber security targets, increasing the risk of a disruptive incident. 

IUA     |   IUA     |   Insurance Business Mag   |   Slipcase     |  Cybersecurity Dive  |  Hiscox   |    Allianz

Image: Ideogram

You Might Also Read: 

Cyber Insurance: The Cost Of Doing Business:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« US Researchers Launch A DeepSeek Competitor
Britain Fast-Tracks Military Recruitment For Cyber Defence »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

GlobalSign

GlobalSign

GlobalSign is an identity services company providing cloud-based, PKI solutions for enterprises needing to conduct safe commerce, communications, content delivery and community interactions.

CERT.AZ

CERT.AZ

The national Cyber Security Center of the Republic of Azerbaijan.

SEWORKS

SEWORKS

SEWORKS provides offensive and defensive app security that ensures mobile and web apps are safe from dangerous hacking threats.

Inseego

Inseego

Inseego provides Enterprise SaaS solutions and IoT & Mobile solutions, which together form the backbone of intelligent, reliable and secure IoT services with deep business intelligence.

CPP Group UK

CPP Group UK

CPP Group UK develops products to help insurers add further value to their products and services through its innovative suite of new products in FinTech, InsurTech and cyber security.

Red Points

Red Points

Red Points protects your brand and content in the digital environment.

WebSec B.V.

WebSec B.V.

WebSec is a Dutch Cybersecurity firm mainly focused on offensive security services such as pentesting, red teaming and security awareness and phishing campaigns.

Blaick Technologies

Blaick Technologies

Blaick is an Israeli cyber-security company which deploys proprietary Artificial Intelligence threats detection technology for early prevention of online cyber crime.

Innovex Global

Innovex Global

Innovex is a full-service executive search and advisory business that engages with early-stage startups, scale-ups, and established businesses in the Fintech, Cybersecurity and Technology industries.

Seemplicity

Seemplicity

Seemplicity revolutionizes the way security teams work by automating, optimizing and scaling all risk reduction workflows in one workspace.

Xceptional

Xceptional

Xceptional is a multi-award-winning technology services firm that celebrates the unique strengths of people with autism.

Finesse Global

Finesse Global

Finesse is a global system integration and digital business transformation company.

NORMA Cyber

NORMA Cyber

NORMA Cyber delivers centralised cyber security services to Norwegian shipowners and other entities within the Norwegian maritime sector.

Roberts & Obradovic Law

Roberts & Obradovic Law

Roberts & Obradovic Law Group is a corporate, privacy, employment and litigation law firm.

Illustria

Illustria

Illustria is your agent-less “watchdog” for all open source libraries. Our mission is becoming a dev-velocity company, enabled via cyber security.

Lenze

Lenze

Lenze are an experienced partner for automation systems, digitalization and cyber security.