What is the waiting period in cyber insurance?

If your small business experiences a data breach, ransomware attack, or other cybersecurity system failure, the financial burden can be business-ending. Cyber insurance helps companies recover from cyberattacks by paying for legal fees, credit monitoring services, and more.

There are two main types of cyber insurance. Understanding what each policy covers can help you purchase the right protection for your small business’s cyber risk management plan.

First-party cyber insurance, also called data breach insurance, provides a financial shield around a business that gets attacked by cybercriminals. This coverage pays for recovery expenses, including:

• Notifying customers and providing credit monitoring after a data breach
• Restoring and replacing data or bricked devices
• Hiring crisis management services to help with reputational damage
• Reimbursing you for income lost during any interruption to business

Third-party cyber insurance protects your business against claims from external parties, such as a client who accuses an IT consultant of failing to prevent a data breach at their business. This policy pays for your legal defense, from attorney fees to judgments and settlements.

While standard business interruption insurance (BI) excludes cyber-related incidents, that’s where cyber insurance comes in. Many cyber liability policies include BI coverage, or you can add it as an endorsement.

Cyber business interruption coverage takes care of first-party cyber-related claims. For example, if your business is forced to temporarily shut down after a social engineering attack, BI will cover your financial losses, including:

• Lost revenue during an outage
• Employee wages
• Rent or mortgage costs
• Extra expenses to get your operations back on track, such as hiring IT experts

Third-party claims require contingent business interruption coverage (CBI). This policy add-on covers your financial losses if an external partner — such as a manufacturer, supplier, or IT service provider — shuts down after a cyber incident.

For example, if an accountant’s cloud-based software provider has a data breach, cyber contingent business insurance will pay the accountant’s operating costs while they wait for the software to get back online or find an alternative.

If your business experiences a cyberattack that disrupts operations, the waiting period—typically between 6 and 12 hours—must pass before your cyber insurance policy will begin covering your losses.

Insurance companies require waiting periods to help control costs and confirm that a policy is only being used for substantial disruptions, as opposed to incidents that are quickly straightened out.

Don’t get blindsided by a waiting period. Before you purchase a cyber insurance policy, it’s critical to review all policy wording. Here are some important details to look out for:

Business needs

Assess your company’s tolerance for operational downtime by determining a few factors:

• The amount of financial loss your business can sustain if its systems go down
• Your business’s average incident response time after a security failure
• The impact that network outages would have on your business operations

Length of time

The duration of a waiting period varies by insurance carrier. While some policies have no waiting period and others might be more than 24 hours, the average waiting period is between 6 and 12 hours.

Keep in mind, shorter waiting periods might be negotiable for an increased premium. This could be especially beneficial if your business heavily relies on continuous, real-time computer systems and online operations, such as financial service firms, hospitals, and e-commerce retailers.

Payout terms

Typically, there are two ways that a waiting period can be structured to define how much loss the policy will cover:

• Time-based retention: In this model, the policy treats the waiting period as a deductible and will only cover losses incurred once the waiting period expires.

For example, if a policy has a 12-hour waiting period and business is down for 24 hours, the first 12 hours of lost income will be absorbed by the policyholder, and the insurer will cover the remaining 12 hours.

• Qualifying period with retroactive retention: In this model, the waiting period is the qualifying trigger. Once a business interruption outlasts that waiting period, the policy is triggered, and coverage will then apply retroactively, from the very beginning of the loss event.

For instance, if a policy has a 12-hour waiting period and business is down for 24 hours, once 12 hours have passed, the insurer will cover all 24 hours of income loss.

Indemnity period

A policy’s indemnity period is the specific amount of time insurance will cover business losses after a cyber incident. This period typically lasts up to 180 days, but some policies may offer coverage for up to 12 months or more.

In addition to cyber BI, there are a few other types of BI coverage you can purchase:

When a business experiences a disruptive event, extra expense coverage pays for any non-ordinary costs, such as moving to a temporary location, leasing equipment, or paying employees overtime during the transition.

Ready to compare policies to find the best cyber insurance coverage? Insureon makes it easy to get free quotes from top-rated insurance providers by filling out our easy online application. You can also speak with a licensed insurance agent if you have questions about waiting period terms.

Once you find the right policies, you can begin coverage in less than 24 hours and get a certificate of insurance (COI) for your small business.