Business interruption (BI) is widely perceived to be the most problematic area of cyber claims – and there’s two key factors at play behind that, according to Ben Hobby (pictured), principal of forensics, litigation and valuation services, at Baker Tilly.
Speaking at the 2025 Financial Lines Forum in Zurich, he highlighted that the first reason for this perception is the time it takes to get claims resolved and settled and the second is the disagreements that sometimes arise on the size of the claim itself. As with any complaints, he said, there’s an element of truth and an element of fiction involved but the perception is there regardless, and so needs to be addressed.
For that to happen, the market needs to understand what’s causing the problem. With Baker Tilly having handled in excess of 200,000 cyber BI claims, it has a wealth of experience at its disposal, he said, and what it has found is that in a significant number of these claims, it is having to work directly with the policyholder to explain the cover that is available.
“It helps to build a relationship with the insured… and I’m perfectly happy to do that but I think we would all agree that having that conversation in the middle of a cyber claim scenario… is not the best [timing]. And the reason I think we’re having that conversation at that point in time is because – and this is going to be controversial – cyber business interruption is not as well understood by the cyber market as it ought to be.”
Hobby noted that two questions stem from the root of that statement – why and what can be done about it? As to why cyber BI is not adequately understood, he highlighted that amid the ransomware ‘pandemic’ of 2020 and 2021, the eyes of the insurance and risk management markets were rightly fixed on cybersecurity controls in a bid to reduce the likelihood of these incidents occurring.
Conversations with underwriters in recent years reveal that they’re very happy with the information they get on cybersecurity controls, he said, but when you ask them about BI information, you get a very different answer. “Essentially the information they're getting could be written on the back of a very small envelope.”
That’s not a criticism, he said, because you talk to the risk management community, you understand the amount of information they have to get from the rest of the business, and to explain to brokers and insurers. All this takes a huge amount of time, which is a finite resource but it does mean there’s consequences for understanding around cyber BI, which really starts to bite at the underwriting stage.
“If the underwriters haven’t got as much information as they would like to properly assess the risk, they have to take an educated guess as to what they think the business interruption exposure is going to be by going through the rating models,” he said. “Because with competitive pressures, the underwriter is likely to be a little bit cautious and perhaps understate what they think the exposure is because it’s a soft market and you don’t want to find yourself not being price competitive from a premium perspective.
“A claim then happens… and when you have a claim, you know when the policy comes round to review, the premium is going up. But at the point of claim is probably the first time that the underwriter has got really good information as to what the true business interruption exposure actually is. And it's going to be more than they would have expected. So the insured is getting hit twice at renewal, once for having a claim, and a second time, because we've now got really good information for the first time.”
Hobby believes that these are two issues contributing to some of the volatility currently being seen in the cyber market, which everyone can agree is not healthy for anyone involved. To offset that, he said, there needs to be the same level of attention paid to cyber BI as there is to cybersecurity controls. Another key reason for the lack of understanding around cyber BI is likely the perception that the problem is too big to address, which is understandable when you consider the difficulties in quantifying cyber BI exposures.
If you consider traditional BI, he said, the loss is concentrated in one place and it’s easier to get an overview of supply chain impacts. However, when it comes to cyber, multiple locations can be impacted when an attack hits a network, and it can be can very difficult to understand the knock-on impact to the wider supply chain. Quantifying cyber BI exposures is complicated but it’s not impossible.
“Don't run away from it,” was Hobby’s top advice to the cyber market on approaching cyber BI and all its complexities. “At the moment, we’ve got the problem of cyber business interruption not being well understood and we’ve got the two sides of the fence – the buy-side and the sell-side not talking to each other in the way in which we would ideally like to tackle the problem head-on. And the consequences of this [situation] play out when there’s a claim.
“Let's please start talking about how we get better quality information out of the insured and into underwriters, so that we can actually improve both the underwriting process and also the claims process. When a claim happens - that's when this product is actually tested, and you really shouldn't be having arguments in the middle of it.”
