In this episode of “In the Know,” Heather Weaver of Lowenstein Sandler's Insurance Recovery Group explains some key issues to consider when negotiating your company's cyber policy in order to maximize coverage for potentially catastrophic losses resulting from network outages and other widespread events. Heather explains the key coverage grants to look for, as well as the importance of negotiating broad definitions and short waiting periods.
Speakers:
Heather Weaver, Counsel, Insurance Recovery
READ THE TRANSCRIPT
Heather Weaver: Hi, I'm Heather Weaver, counsel in Lowenstein Sandler's Insurance Recovery Group. Welcome to “In The Know.”
Today we are going to discuss key issues to consider when negotiating your company's cyber policy to maximize coverage for network outages and other widespread events. This has become critically important as businesses increasingly rely on digital systems to operate.
Just last year, we witnessed the costliest widespread outage in history, which resulted in billions of dollars in losses for Fortune 500 companies globally. Whether you're a small business owner or a tech leader, understanding these nuances can make a huge difference when the unexpected happens.
First, check to make sure that your cyber policy has one or more of the following:
- Business interruption coverage, which covers the income loss and extra expenses incurred by a company after it experiences a covered cyber event.
- Dependent or contingent business interruption coverage, which covers the income loss and extra expenses incurred by a company as a result of a third-party experiencing a covered cyber event.
- If your business relies on vendors, service providers, or suppliers, it is particularly important to ensure that any disruption to their business does not impact yours—and look for a widespread event endorsement, which is a specific endorsement that can be negotiated and added to your policy to explicitly cover the risk of systemic outages.
Second, review the policy language and definitions closely. Try to negotiate a policy that defines covered cyber events broadly to include system failures or network failures.
Sometimes cyber policies only cover security failures, which typically require a malicious intent such as a cyberattack. But not every network outage is the result of a malicious act—sometimes your systems just fail; whether it's due to software bugs, failed system updates, or even human error, these can be the most financially devastating cyber events of all, so make sure that you are covered for them.
Third, negotiate the shortest possible waiting period. The waiting period is the amount of time that must pass after a cyber event before coverage under the policy is triggered. This can have a huge impact on coverage, as a lot of damage can be done in a short amount of time.
Thank you for joining us. We look forward to seeing you next time on “In The Know.”
