CBI coverage is generally an in-
cluded provision contained in most
large commercial property policies.
However, this included CBI coverage
will have a very small sub-limit. For
example, if the limit for the commercial property policy is US$25 million,
the CBI sub-limit may be as low as
US$100,000.
In order to obtain more robust
CBI coverage (i.e., higher limits and
broader terms), the carrier will typically want the policyholder to identify
the specific supplier, recipient, and
leader properties that are crucial to
the policyholder’s business. The carrier will then specifically underwrite
for those third-party properties. So,
for example, if the policyholder has
an important supplier in Japan, the
carrier will actually underwrite for
that specific Japanese company and
location. It may then exclude certain
specific perils it deems too risky. One
such peril often excluded by carriers is
the risk of earthquake in Japan. That
makes obtaining CBI coverage for
American high-tech companies that
rely on Japanese manufacturers for
goods, such as the resins needed for
computer chips, very challenging and
very expensive if available.
What can go wrong in the
digital age? Cyber threats, data
breaches, and privacy invasion
In the past, generally before 2006, the
main cyber threats were from “
activists” looking to take websites offline.
Now, hackers seek business disruption
and extortion. In addition, there is
now a thriving black market for credit
card numbers, personally identifiable information, and other such data
with sophisticated criminal networks
and even state actors peddling this
information. Moreover, cyberterrorism
by state actors and terrorists is here to
stay. Of course, that type of cyberterrorism implicates policy exclusions.
Currently, it seems that both the
frequency and severity escalate
month-to-month. In 2011, there were
less than 60 cyber cases exposing
more than one million records and
only a handful of ransom attacks. In
2016, there were more than 120 significant ransom attacks and about 60
cyber cases exposing more than one
million records.
Every company that uses technology
in its operations or handles, collects, and
stores confidential information has cyber risk. Your company presently faces:
■ ■ Legal liability to others for
privacy breaches of confidential
information;
■ ■ Regulatory actions, fines, and
scrutiny;
■ ■ Cyberextortion;
■ ■ Data kidnapping;
■ ■ Cyberterrorism and espionage
■ ■ Loss or damage to data/
information;
■ ■ Loss of revenue due to a computer
attack;
■ ■ Extra expense to recover/respond to
a computer attack; and,
■ ■ Loss or damage to reputation
following a hack.
If that list concerns you — and
it should — you also need to worry
because a cyber event can disrupt your
supply chain and cause damage. Think
about what would happen to your
company if there was a cyberattack on
internet providers, cloud storage facilities, or power grids. That is the most
significant risk for supply-chain disruption, followed by a natural disaster such
as a hurricane, earthquake, or flood.
Several possible scenarios exist:
■ ■ A virus infecting the systems of
a key supplier destroys essential
records, forcing the supplier to shut
down systems for several days. Once
systems are restored, customers
must resubmit their orders, causing
further delays.
■ ■ An attack on a large commodities
exchange interrupts the flow of
essential materials resulting in price
volatility in markets.
■ ■ A malicious attack on a shipper
disrupts freight management and
logistic systems, resulting in delays
in shipments.
In fact, these possible scenarios are
becoming frequent realities as discussed in an AP News headline from
August 9, 2017:
Take down: Hackers looking to shut down
factories for pay.
DURHAM, NC (AP) — The malware entered
the North Carolina transmission plant’s
computer network via email last August,
just as the criminals wanted, spreading
like a virus and threatening to lock up the
production line until the company paid a
ransom. AW North Carolina stood to lose
US$270,000 in revenue, plus wages for
idled employees, for every hour the factory
wasn’t shipping its crucial auto parts to
nine Toyota car and truck plants across
North America, said John Peterson, the
plant’s information technology manager.
Not only would that event cause
losses to AW North Carolina, but it
could cause losses for other Toyota
suppliers, Toyota dealers, and even
Toyota itself.
Planning and protection
in the digital age
Now that you are worried, do something. As a first line of defense,
In 2011, there were less
than 60 cyber cases
exposing more than one
million records and only a
handful of ransom attacks.
In 2016, there were more
than 120 significant ransom
attacks and about 60 cyber
cases exposing more than
one million records.
