We're sorry but your browser is not supported by Marsh.com

For the best experience, please upgrade to a supported browser:

X

RISK IN CONTEXT

Internet of Things Attack Shines Spotlight on Insurance Coverage Issues

Posted by Thomas Quigley 11 November 2016

Baby monitors. Home routers. Digital video recorders. These were among the devices used to overload an internet infrastructure company. This unprecedented distributed denial of service (DDoS) attack brought down several popular websites on 21 October in the US and Europe. The use of simple devices connected to the Internet of Things (IoT) marks a turning point for cyber-attacks, which continue to grow in sophistication and virulence.

Such events raise many risk management questions for communications, media, and technology companies – indeed all companies – in a number of areas, including how insurance will respond.

Gaps in Coverage

One insurable risk that companies need to understand in such situations involves contingent business interruption (CBI). Manipulating devices to conduct the recent DDoS attack undoubtedly interrupted business and caused revenue loss for some companies, highlighting the need to understand what CBI covers.

Losses from such attacks could affect several insurance lines, including cyber, property, and casualty. How business interruption and CBI losses are covered will largely depend on your insurance programme structure.

Property and casualty insurers generally provide cover for some cyber exposures – depending on specific circumstances – and cyber insurers are broadening and enhancing risk transfer options. As a result, it’s important to look at all three coverage areas in relation to a cyber-attack that disrupts your operations.

In the event of an outage from one of your service providers, consider:

  • The amount you will be reimbursed by your service provider if its outage causes you to lose revenue.
  • How your insurance programme will respond if you lose revenue due to the outage.
  • The indemnification agreements and other details in your contract with the provider.
  • The terms, conditions, and exclusions in your policies to help you understand whether the loss is covered.
  • Standalone cyber insurance policies, which can provide coverage, absent physical damage, for business interruption, extra expense, and CBI.

Companies with IoT connectivity in their products should explore potential liability scenarios emanating from product failure.

Work with your insurance advisors to understand your exposure by examining current claim scenarios to determine how they might impact your operations. Such information can help you prepare your business for a service provider’s outage.