Businesses today rely more than ever on their digital systems to keep things running—something cybercriminals are well aware of. By damaging digital assets or crippling systems in ransomware attacks, businesses operations can all too easily grind to a halt, leading to widescale disruption and the potential for lost income in the short and long term. To mitigate the risk, businesses need comprehensive cover for system damage and business interruption loss. But as the dependence on technology increases, the number of exposures in this area continues to expand, moving the goalposts for an effective, catch-all policy.
That’s why we’ve introduced key updates to the system damage and business interruption section of our CPR wording. From affirmative cover for temporary hardware replacement and the removal of the £1 million sub-limit on system failure, CPR is designed to provide broader, more flexible protection—empowering businesses to bounce back from disruption more effectively.
What's new: Clear, impactful coverage for our insureds
System damage and business interruption are among the costliest consequences of a cyber event, even threatening business survival. To give businesses not only support, but confidence and peace of mind, our CPR product rolls out a series of valuable upgrades.
-
Hardware replacement costs
We now provide affirmative cover for temporary hardware needed to help recover digital systems after a cyber event. Plus, we’ve expanded our definition of computer systems to include operational technology (OT), meaning we’ll cover the cost of replacing OT that’s been rendered unusable by a cyber event where it is more cost-effective to do so—an exposure that many insurers look to exclude.
-
System failure sub-limit removed
Previously, cyber cover had a £1 million sub-limit for non-malicious, system failure-triggered business interruption loss where the policy limit was more than £1 million. This precautionary measure has now been lifted. With the sub-limit removed, the CPR policy provides system failure coverage up to the full limit, giving businesses better protection—and value—than ever before.
-
Operator error trigger
Everyone makes mistakes, but when a simple slip-up—like deleting a critical database or botching a system upgrade—leads to costly downtime, businesses need protection. This coverage ensures that unintentional human errors don’t leave companies exposed. If human error causes the outage, you’re covered.
-
Time franchise language
We’re clarifying how our waiting period operates by confirming that it acts as a time franchise. The time franchise model offers a fairer, more responsive approach to business interruption claims. That’s because, unlike a time retention, a time franchise covers any losses incurred before the set timeframe elapses.
-
Emergency and additional operational continuity costs
Previously known as additional extra expense or AICOW, this coverage helps businesses mitigate a business interruption loss without the burden of an economic test applying to the additional costs incurred. This bolder, more intuitive name highlights its value, with clear wording to confirm that no economic test applies.
-
Voluntary and regulatory shutdown
Whether a business proactively shuts down systems to prevent greater losses or is forced to do so by a regulator in response to a cyber event, costs and the income loss incurred can quickly mount up. Our updated cyber wording ensures businesses are covered in both scenarios, providing financial protection when operations come to a halt.
-
Lost and missed bids coverage
A cyber event shouldn’t cost businesses their next big opportunity. Whether system downtime prevents them from submitting a bid or a cyber incident results in the bid being rejected, our updated wording ensures they’re covered for the income loss that follows.
-
Interim payments for faster recovery
When a cyber event disrupts operations, businesses may not be able to afford waiting for a business interruption loss to be adjusted before being reimbursed—they may need critical support right away. That’s why our updated wording includes interim payments, ensuring policyholders can receive funds quickly when they need them most—offering financial relief and peace of mind.
Business benefits: Financial protection when the worst happens
Even when a cyber incident is resolved quickly, system damage can go on to have long-term repercussions, while business interruption losses can continue for months and months.
Our enhanced system damage and business interruption cover ensures protection aligns with real-world cyber risks, closing gaps in cover and giving businesses greater confidence in their policy.
Navigating your cyber policy
Find the updated system damage and business interruption cover in Insuring Clause 4 of the CPR wording.
If you’d like to learn more about our system damage & business interruption cover or our new CPR product or have questions on anything cyber, contact us at cyber@cfc.com.
