Business Resilience Insurance Program

Lockton working in partnership with Lloyd’s has developed a unique insurance protection program, called Business Resilience Insurance Program to address the threats to electronic information assets and computer networks from non-physical causes. The program covers:

Data Breach Reputation Harm 

What if the vendor is unable to fulfil the contract due to political violence, forced divestiture, license cancellation, terrorism and other causes? In that event, the client would be forced to abandon the contract and seek to resource that service with another vendor or potentially back to itself. In outsourcing, the employees and facilities may have been eliminated and there could be considerable costs in resumption internally or in finding another appropriate vendor. 

Off-Shoring Protection

Off-Shoring Protection coverage will reimburse the named insured for abandonment and relocation costs as well as extra contractual costs of working during the period of indemnity as a direct result of a variety of force majeure perils defined in the policy. This coverage can be purchased directly by the client or be part of the negotiation of the outsourcing contract itself.

Non-physical risk events – Protection of Electronic Digital Assets and Computer Networks

This unique first party insurance program is designed for clients who have time-critical networks and who have invested in security prevention and business continuity planning. Other underwriters or insurers with first party cyber programs, either stand-alone or attached to a third party cyber policy, may not offer the breadth of coverage that would really protect the business in event of a loss. 

In terms of electronic information assets (whether applications, operating systems or data) and networks, critical risks are not physical or weather-related unless the data center is situated in an area subject to catastrophic wind, water, or earthquake perils. Disruption and damage are more likely to be caused by human error or computer attacks, where the physical building and hardware remain undamaged. The cause of losses can be a result of operational mistakes and breaches of security, or whether the perpetrator is inside or an unknown outside hacker. 

There are three coverages offered:

• Data/electronic information loss
  Covers the cost of recollecting or retrieving data destroyed, damaged or corrupted due to a computer attack.
• Business interruption or network failure expenses
  Covers cost of lost net revenue and extra expense arising from a computer attack and other human-related perils - especially valuable for computer networks with high availability needs.
• Cyber-extortion
Covers both the cost of investigation and the extortion demand amount related to threats to commit computer attacks or implant viruses, etc. 

With respect to non-physical risks coverage, key differentiators are:

• Coverage includes administrative or operational mistakes as defined, aspects of accidental damage or destruction, and computer attacks
• No small internal indemnity limits per hour
• No sub-limit for virus exposure
• Outsourcing/off shoring risks – contingent business interruption and data damage
• Minimum 4-hour waiting period
• Expanded coverage and limits for special expenses