The limited coverage is characterised by low coverage limits, long waiting periods, narrow coverage triggers, significant deductibles and long claims processes

There is a misconception that the scope of cyber errors and omissions (E&O) insurance covers all cloud downtime losses, according to the results of the latest survey from Parametrix, published last week (8 September 2022).

The technology downtime insurance provider’s survey was carried out in July 2022 and surveyed 324 corporate decision makers’ views on the finance, banking, healthcare, software, retail, e-commerce, entertainment, gaming and streaming industry’s views on cloud reliance, downtime concerns and related insurance coverage.

It revealed that 41% of respondents were more concerned about cloud downtime compared to last year.

Yonatan Hatzor, co-founder and chief executive at Parametrix, said: “The survey results reveal that businesses have massive exposure to cloud downtime and incorrectly believe they are well protected by their cyber or E&O policies.

“However, cyber, and E&O policies do not cover most actual downtime events and losses, including short events under eight hours and compensation for business loss and SLA breaches.”

The firm noted that it had seen 100 downtime outages in the last three years. 

Consulting with brokers

The aim of cyber insurance policies is to protect the insured against security failures, data breaches and ransomware attacks.

Meanwhile, E&O policies protect policyholders from liability for negligent acts, errors or omissions.

This limited coverage is characterised by low coverage limits, long waiting periods, narrow coverage triggers, significant deductibles and retentions as well as long claims processes and forensic investigations.

Both policies may provide limited cover for cases when system failure is caused by unavailability of the supply chain, such as a cloud provider outage. But cyber and E&O policies limit the payout to proven loss of net profit or loss mitigation expenses.

Currently, the minimum outage time required for this kind of event to be covered by cyber or E&O insurance ranges between eight and 48 hours and there is a lack of awareness of the existence of the waiting period.

Of those survey respondents that incorrectly believed their policies cover downtime for any reason, 86% thought the coverage kicks in for downtime events after less than eight hours.

Meanwhile, 62% believed the coverage kicks in within the first hour and 24% thought it took effect between one and eight hours.

Hatzor said: “Insurance customers should consult their brokers about their current downtime insurance program regarding dependent business insurance, waiting periods, retentions and perils and about the differences between cyber, E&O and cloud downtime insurance.”

Some respondents would like downtime insurance policy to cover loss of productivity (46%), lost sales (39%) and SLA (service-level agreement) payouts (37%).

The main reasons to purchase cloud downtime insurance coverage included wanting flexibility to spend money repairing the damage caused by the outage (41%), a fiduciary responsibility of the board to shareholders (39%), part of a holistic risk management approach (35%) or to ensure that lost revenue streams were mitigated (35%).