Skip to main content
Marsh logo

Article

Navigating business interruption claims: Maximizing recovery after a cyber attack

Navigate complex business interruption claims after a cyber-attack with Marsh's expert guidance. Maximize your cyber insurance recovery and minimize disruptions.

12/24/2024 · 4 minute read

In today’s digital landscape, cyber attacks present significant risks to businesses, often resulting in substantial operational disruptions. Navigating business interruption claims stemming from these incidents can be complex and challenging. At Marsh, our Claims Solutions Advisory team is dedicated to helping clients manage these claims effectively, ensuring they maximize their cyber insurance recovery.

Business interruption claims following a cyber attack can be particularly intricate due to the unique nature of the losses involved. These incidents necessitate a comprehensive understanding of both the immediate and long-term impacts on operations. The first step in addressing these events is the First Notification of Loss, where our team provides critical guidance during the crisis management phase. This phase is essential, as it involves operationalizing your insurance coverage and capturing vital data that documents your response activities.

Key Initial Steps:

  1. Notify Insurers Promptly: Inform your insurers about the impact on your systems and operations, as well as any effects on your vendors’ systems that may have influenced your operations.
  2. Assess Customer Impact: Evaluate how the incident affects your customers and consider potential liability claims.
  3. Engage Recovery Vendors: Seek guidance and retain specialized external vendors for recovery efforts aiming at minimizing downtime and ensuring that all actions align with your insurance policy provisions.

To successfully navigate a business interruption claim, especially in the wake of a cyber incident, several key factors should be considered:

  • Choose the Indemnity Period Wisely: Already at the time of buying or renewing cyber insurance, selecting an appropriate indemnity period is essential. Businesses must evaluate the duration of the disruption and its economic impact to align their coverage definitions with the actual losses incurred. This strategic choice can significantly influence the recovery amount.
  • Maintain Detailed Records and Documentation: Keeping accurate records of all costs and related expenses is crucial. Establishing a specific Cost Centre allows businesses to effectively control and identify the economic impact of the cyber incident. Documentation serves as vital evidence during the claims process.
  • Consider Increased Costs of Working: In some cases, incurring additional costs to minimize disruption can be beneficial. This proactive approach can help reduce the overall period of interruption and mitigate shortfalls in turnover. Examples of increased costs of working are staff compensations for overtime work to accelerate the IT recovery, or hiring temporary workers in order to catch up on lost production capacity.
  • Account for Supply Chain Disruptions: Cyber attacks can have ripple effects throughout the supply chain. Assessing potential business interruption losses resulting from these disruptions is crucial, as they can contribute to the overall claim.
  • Evaluate Third-Party Liabilities: Understanding the potential liabilities associated with third parties affected by the cyber incident is essential. This evaluation helps identify obligations to customers or partners and ensures that all aspects of the incident are considered in the recovery process.

Case Study: A Real Claim Example

A machinery and equipment manufacturer operating across ten locations in Asia faced significant challenges following a ransomware attack that disrupted their operations for six to eight weeks. Initially, customer orders were not canceled, leading insurers to question whether any actual business interruption loss had occurred, especially given the six-month indemnity period outlined in their contract.

In response, Marsh provided essential services over a two-year period, including guidance, project management, and loss quantification. Our team prepared the necessary documentation to support the claim, demonstrating that the loss of production capacity was undeniable. We proved that production was running at maximum capacity before and after recovering from the disruption, and that cancellations followed due to delays caused by the incident.

Ultimately, the claim was successfully settled for several million euros, leaving the client satisfied with the outcome. This case underscores the importance of thorough documentation, strategic planning, and expert support in navigating complex business interruption claims.

Conclusion

In the face of cyber attacks, businesses must be prepared to manage the complexities of business interruption claims effectively. By maintaining detailed records, choosing indemnity periods wisely, and considering the broader impacts of supply chain disruptions, organizations can maximize their recovery. At Marsh, our Claims Solutions Advisory team is here to support you through every step of the process, ensuring you are well-equipped to handle the challenges that arise from cyber incidents.

For more information on how we can assist you with business interruption claims, reach out to your Marsh representative or contact us today.

Contact us

Related insights

Container lifting

Effective Cyber Incident Management Strategies for Supply Chain Resilience

12/24/2024
rocks on a beach, piled ontop of each other, grey aestehtic, 16:9, beach photo.

Webcast

Q4 2024 update on the US cyber insurance market

12/13/2024
Mountains and lake aerial view

Article

The price of privacy risk: Managing the wide range of data exposures

11/11/2024
Business Colleagues Walking

Article

Emphasizing preparedness: The role of out-of-band communications in cyber incident response

11/11/2024
View more