Changing nature of business interruption

Labour strikes, cyber intrusion, power outages, disruption to transportation networks, political unrest and terrorist threats. These are just some of the reasons businesses and their supply chains have been prevented from going about their normal day-to-day activities in recent months.

On May 15, a fake bomb caused a football match at Old Trafford to be postponed, just minutes before kick-off in a premiership game between Manchester United and Bournemouth.

Businesses perceive the overall level of risk has increased, the key drivers of which are cyber crime and data security risk

Other recent causes of disruption have stemmed from the French ferry workers strike and migrant crisis, which resulted in gridlock for days on the M20 and into the Continent. In total, cross-Channel disruption cost the UK economy an estimated £250 million a day.

There is a growing realisation among risk managers, insurers and brokers that in a global, interconnected world, where technology plays an increasingly important role, business interruption can arise from a wide range of sources. Each of the top ten risks identified by the World Economic Forum 2016 Global Risks Report, including large-scale involuntary migration, data fraud or theft and interstate conflict, can disrupt the normal flow of business.

Because so many of these sources of business interruption can be caused by events that do not result in physical damage to the insured or its main suppliers, it is now accepted that traditional business interruption (BI) insurance cover needs a rethink. This was the conclusion of an Airmic guide on Overcoming Hurdles in Business Interruption, produced in partnership with broker Marsh.

Organisations of all sizes and from a variety of different sectors are vulnerable to cyber attacks. According to QBE’s Business Risk Sentiment research, conducted in the latter part of 2015, businesses perceive the overall level of risk has increased, the key drivers of which are cyber crime and data security risk.

However, the impact of business interruption arising from a cyber attack is a risk that can be underestimated. In 2011, the Sony PlayStation Network was down for nearly a month after a hack that exposed 77 million accounts.

The main impacts UK businesses say they have suffered, according to the UK government’s Cyber Security Breaches Survey 2016, are staff time taken up both in dealing with a breach, being prevented from working as usual and repair costs. This was echoed by an Aon Risk Solutions report which found that while “media coverage of cyber incidents tends to focus on data privacy and regulatory fines, clients’ number-one risk concern across the board is business interruption”.

Insurers, working in partnership with brokers, should advise organisations on the extent of their BI coverage and on products that include both physical-damage and non-damage triggers, including specialist covers such as cyber that can help to plug any gaps. The onus is also on insurance buyers to make available quality data that will allow underwriters to build a clear picture of an organisation’s risk profile, including its supply chain exposures, a duty that has been clearly enshrined in the Insurance Act 2015.

It is clear the wording surrounding business interruption risk and insurance needs to better reflect the realities of the modern business environment. Adapting traditional covers will ensure BI insurance is fit for purpose now and into the future, and will give comfort to insurance buyers. It will fulfil the promise of BI insurance, helping them get back on their feet as quickly as possible when the worst happens and indemnifying them for any loss of income, whatever the cause.