Business Interruption Is The #1 Cyber Risk

Cyber security risk, including ransomware, data breaches and IT disruptions, remained the top business concern worldwide over the past year.

A recent Report published by the International Underwriting Association (IUA) underscores the need for cyber business interruption (BI) risks to receive the same level of attention as information technology security controls and ransomware threats.

The new IUA guide also aims to help insurers navigate money handling requirements in the European Union. Across the continent insurers face varying approaches to risk transfer and the distribution of insurance through agents, sub-agents, or brokers. Often, they have to agree to ‘cascaded’ risk transfer, making them responsible for funds held by parties further down the distribution chain.

The Report outlines the different requirements and approaches encountered in 15 key European markets. The publication states whether risk transfer is possible or, indeed, mandatory. It also describes how risk transfer can be cascaded and the general market practice for the protection of premium and claims funds held by a sub-agent.

The IUA’s Cyber Underwriting Group first published a Business Interruption Report in 2018 which provided an overview of the subject and the principles of how a loss would be calculated.

The 2025 Report, produced in collaboration with professional services firm Baker Tilly, examines cyber security and attack trends from recent years.

It notes that while understanding of cyber business interruption has progressed, further improvements are needed to enhance the claims process for both insurers and policyholders. Helen Dalziel Director of Public Policy at the IUA, said that the cyber insurance market has seen a notable increase in business interruption claims in terms of both frequency and financial impact.

In particular, she referenced a high-profile and costly incident involving CrowdStrike as an examples of the risks businesses face.

A separate report from Allianz identifies the major business risks for 2025, which finds that cyber incidents are the top global risk for 2025 and by a higher margin than ever before, 7% points ahead of business interruption in #2. “It is the fourth year in a row that cyber is ranked #1 after first ranking top in 2020. Ten years ago, it ranked only #8 globally with just 12% of responses." Allianz conclude.

In comment, the principal at leading law firm Baker Tilly, Ben Hobby, emphasised the importance of business interruption cover as a key component of cyber insurance policies and its role in claim settlements.

 “Business interruption cover is a critical part of a cyber insurance policy and can be a significant part of any claim settlement. We therefore consider it critical to the cyber insurance market’s continued success to share these experiences so that cyber business interruption and the resulting financial exposures are better understood.” 

Hobby says that sharing insights gained from handling cyber claims is crucial to improving understanding of financial exposures related to cyber business interruption.

At government level, a recent  Report from the UK National Audit Office, an independent parliamentary agencyy, highlighted concerns about  cyber security practices across Britain’s central government, where outdated computer systems are at risk of failing to meet their own cyber security targets, increasing the risk of a disruptive incident. 

IUA     |   IUA     |   Insurance Business Mag   |   Slipcase     |  Cybersecurity Dive  |  Hiscox   |    Allianz

Image: Ideogram

You Might Also Read: 

Cyber Insurance: The Cost Of Doing Business:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« US Researchers Launch A DeepSeek Competitor
Britain Fast-Tracks Military Recruitment For Cyber Defence »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Radisys

Radisys

Radisys offers software, products, integrated systems, and professional services for communication service providers and telecom solution vendors.

Charlton Networks

Charlton Networks

Charlton Networks provide a complete range of IT infrastructure, network and security solutions aimed at SME companies.

Secure Recruiting International (SRI)

Secure Recruiting International (SRI)

SRI is an industry leader in Information Security , Networking, Wireless and Storage recruitment.

Hillstone Networks

Hillstone Networks

Hillstone Networks offers a broad range of security solutions for enterprises and data center networks – whether physical, virtual, or in the cloud.

CodeOne

CodeOne

CodeOne provides solutions for website and web app security.

Jamcracker

Jamcracker

Jamcracker is a cloud services management and cloud governance solutions company, with more than a decade of experience providing industry leading software and services.

Oneconsult

Oneconsult

Oneconsult provides cyber security services focusing on penetration tests / ethical hacking, ISO 27001 security audits and incident response & IT forensics.

National Cyber Security Center (NCSC) - Hungary

National Cyber Security Center (NCSC) - Hungary

The National Cyber Security Center was established in 2015 by uniting the GovCERT-Hungary, National Electronic Information Security Authority (NEISA) and the Cyber Defence Management Authority (CDMA).

Safetica

Safetica

Safetica Technologies is a Czech software company that delivers data protection solutions for businesses of all types and sizes.

CRI4DATA

CRI4DATA

CRI4DATA's mission is to help organizations build their resilience to cyber risk.

Fraud.com

Fraud.com

Fraud.com ensures trust at every step of the customer's digital journey; this complete end-to-end protection delivers unified identity, authentication and fraud detection and prevention.

AVORD

AVORD

AVORD is a cloud-based security testing platform that allows clients to manage security testing requirements in a far more productive and efficient way.

Pipeline Security

Pipeline Security

Pipeline is a leader in cybersecurity, offering comprehensive services to protect organizations from evolving threats.

Cybersecurity Defense Initiative (CDI) - University of Arkansas

Cybersecurity Defense Initiative (CDI) - University of Arkansas

The Cybersecurity Defense Initiative is a national cybersecurity training program, developed for technical personnel and managers who monitor and protect our nation's critical cyber infrastructures.

Ark Infotech

Ark Infotech

Ark Infotech is a provider of cloud management services, selective support services, and technology solutions.

Atlas Systems

Atlas Systems

Atlas Systems helps companies large and small accelerate their digital transformation journeys – expanding their capabilities and delivering tailored solutions including cybersecurity.