News & Insights

Understanding cyber business interruption and how it could impact your business

Published 23 July 2020

Being forced to suspend trading due to cyber interruption can cause bigger losses than the event itself. This article identifies key business vulnerabilities and offers risk management solutions.

When a company’s network goes down or is significantly impaired for sustained period, it can incur significant costs in getting the network back up and running to substantially the same level as it was before the incident. It can also suffer significant impairment to its business income both during the outage and for quite some time afterward.


Cyber-initiated business interruptions can be caused by malicious or non-malicious events. Examples of malicious causes are ransomware, DDoS (distributed denial of service) attacks or crypto-jacking. Most of the media’s recent ransomware focus has been on the escalating amounts of ransom demanded and paid, and the cost of data recovery when the victim’s network is not properly decrypted, but the affected company can also suffer a substantial loss of business income (as well as incur significant extra expenses) before even a decrypted network is fully restored.

Non-malicious cyber business interruptions can occur during system upgrades or network patches, or from software coding errors or incompatibilities. A software coding glitch crashed the network of a prominent company in the travel industry in 2017, and was reported to have caused a loss of more than $100M, according to news network CNN Money.

Malicious and non-malicious cyber business interruptions

There are various ways in which a company’s income and operations can be affected by a cyber business interruption, either malicious or non-malicious in nature. The principal ones include

  1. its own network is impaired
  2. the network of one of its outsourced it providers (cloud providers of it services) is impaired
  3. the network of its critical supply-chain providers is impaired
  4. the network of some other critical third-party provider (eg: electricity, gas, internet services) is impaired.

Cyber insurance can provide insurance coverage for the first three causes listed above; it is very difficult to obtain coverage for the fourth listed cause. Insurers normally ask companies to identify their key outsourced providers during the underwriting process. Insurers sometimes limit the cyber insurance coverage they will provide for outages, especially non-malicious outages, incurred by the insured’s outsourced providers.

Insurers also generally require ‘waiting periods’ ‒ the minimum amount of time that the business interruption must last before the loss becomes payable – and ‘restoration/indemnity periods’ ‒ the time boundaries for measuring the loss. Not all insurers define these terms the same way, and the differences can significantly affect coverage.

Cyber business interruption insurance risk exposures

The extent of a company’s exposure to cyber business interruption and loss will depend on many factors specific to its operations and practices.

Main factors that contribute to the cyber impact on business interruption are the extent of its cyber risk management practices, and the ability to respond or react to a cyber business interruption — including incident response, business continuity and disaster recovery plans.

Other factors that come into play with cyber incident impacts on business are

  • the nature of its business model (eg: will income be probably lost or primarily just delayed until the network is restored)
  • the rapid and smooth coordination among its internal first responders, its outside breach response providers, and its cyber insurers
  • the recency and availability of network backups, and whether its backup process is as effective when needed as it seemed on paper
  • with respect to business interruptions at a company’s outsourced IT providers or critical supply-chain providers, the ready availability of adequate alternative sources of IT services or critical supplies, as well as those IT service providers or critical supply-chain providers that themselves suffer cyber business interruptions and are therefore unable to comply with their own obligations to provide the company with services or products
  • contractual indemnification rights and protections, as well as other legal remedies, it may have with respect to third parties responsible for causing the interruption (eg, for transmitting ransomware or other malware to the company’s network)
  • the degree to which the company’s business income is susceptible to impairment from lost customers or bad publicity.

The foregoing is a brief and necessarily incomplete general description of cyber business interruption and of the availability and extent of cyber insurance to address the full range of potential losses.

Talk to a Gallagher cyber specialist today, and learn more about how your business may be affected by a cyber business interruption, cyber insurance coverage options and available risk management solutions.


Connect with an expert


Gallagher cyber experts

John Doernberg, National Director, Cyber Practice, Gallagher US

Robyn Adcock, Gallagher Cyber/Technology Practice Leader, Gallagher Australia


Further reading

Cyber insurance broker

Insurance market update: business continuity and your plan B


Additional information 

Computer Meltdown May Cost British Airways over $100 Million, CNN 

Gallagher provides insurance, risk management and benefits consulting services for clients in response to both known and unknown risk exposures. When providing analysis and recommendations regarding potential insurance coverage, potential claims and/or operational strategy in response to national emergencies (including health crises), we do so from an insurance and/or risk management perspective, and offer broad information about risk mitigation, loss control strategy and potential claim exposures. We have prepared this commentary and other news alerts for general information purposes only and the material is not intended to be, nor should it be interpreted as, legal or client-specific risk management advice. General insurance descriptions contained herein do not include complete insurance policy definitions, terms and/or conditions, and should not be relied on for coverage interpretation. The information may not include current governmental or insurance developments, is provided without knowledge of the individual recipient’s industry or specific business or coverage circumstances, and in no way reflects or promises to provide insurance coverage outcomes that only insurance carriers’ control.

Gallagher publications may contain links to non-Gallagher websites that are created and controlled by other organisations. We claim no responsibility for the content of any linked website, or any link contained therein. The inclusion of any link does not imply endorsement by Gallagher, as we have no responsibility for information referenced in material owned and controlled by other parties. Gallagher strongly encourages you to review any separate terms of use and privacy policies governing use of these third party websites and resources.

Insurance brokerage and related services to be provided by Arthur J. Gallagher & Co (Aus) Limited (ABN 34 005 543 920). Australian Financial Services License (AFSL) No. 238312

Negotiating with a hacker in a ransomware attack on a business
Cyber | Article

Negotiating with a hacker in a ransomware attack on a business

07 July 2022
Legal penalty highlights businesses’ cyber security obligations
Cyber | Article

Legal penalty highlights businesses’ cyber security obligations

21 June 2022
Adapting your risk management protections to match evolving cyber cover
Cyber | Report

Adapting your risk management protections to match evolving cyber cover

31 May 2022