FOR INTERNAL USE ONLY
Unplanned Infrastructure Event Insurance
Introduction
Business leaders understand the importance and relevance of disaster recovery planning and
response, aligned with the appropriate degree of risk transfer. Very few businesses operate off-thegrid, so an important part of that planning involves electrical supply, telecoms, information
technology and infrastructures. Making plans to mitigate the effects of an interruption in a
business’s operation as a result of a physical event - an accident, fire or flood, for example - is
common practice, but increasingly companies are having to deal with the very real threat of nonphysical events that impact upon their information technology platform and their intangible assets,
such as data and intellectual property, without which they cannot operate.
The impact on a business following loss or damage to intangible assets can be more severe and
much more immediate than the loss of physical assets. The cause and subsequent consequences
can threaten its reputation, brand image and indeed ultimately its viability. Business interruption
leads to lost income; the loss or theft of valuable data results in significant restoration or
replacement costs and loss of market share; breaches of security lead to the loss or misuse of
private or confidential data or intellectual property requiring investigations by data regulators and
remedial credit monitoring services; targeted attacks from hackers or disgruntled employees impair
the operation of systems or corrupt data; cyber extortion threats lead to ransom demands;
damaging virus infiltrations – all very real scenarios that will effect a business at all levels and at the
very least, seriously erode precious IT budgets.
Even those companies that look to mitigate this exposure as a secondary benefit through
outsourcing, including utilisation of the virtual or cloud marketplace for information technology
services, are not totally immune given the contractual limitations imposed upon them by their
outsource partners.
What is unplanned infrastructure risk?
The reliance organisations place on their critical information technology assets, business processes
and the electronic data that is stored and flows through these systems is immense. This becomes
even more critical when a business outsources systems management, software development and
utilise emerging technologies such as cloud computing.
The great majority of time when systems and data are unavailable is as a result of planned
downtime that occurs due to required maintenance - all other outages are unplanned downtime.
Unplanned downtime is typically perceived to be associated with disastrous events, from hardware
and software failures or hacking, to the biggest threat - human error. Industry surveys tell us that
whilst unplanned downtime accounts for only about 20% of all downtime, its unexpected nature
means that any single downtime incident may be considerably more damaging both financially
and in terms of reputation to an organisation than occurrences of planned downtime.
Risk transfer
Principia’s Unplanned Infrastructure Event insurance has been designed to protect businesses from
these very real threats of interruption and disruption. It also follows the supply chain to protect the
insured from the consequences of impact events triggered by outsource partners.
Principia has developed its Unplanned Infrastructure Event insurance policy to bridge the gaps with
traditional insurance policies. Traditional property and crime insurance policies generally do not
cover damage to intangible property or breeches of confidentiality following either a
malicious or accidental event, leaving the business vulnerable in the event of a major
unplanned downtime reliant solely on technology security solutions. But technology or
disaster recovery alone cannot guarantee network security or continuity. In order to protect critical
technology assets, reduce liability exposures and minimise income loss, specialist insurance solutions
are required.
Unplanned Infrastructure Event insurance from Principia meets the costs and income loss
associated with unplanned infrastructure events triggered by malicious or accidental events, such
as:
Malicious
Accidental
Introduction of self replicating virus and
worms
Operational/Human Error
Security breaches caused by spyware,
logic bombs or trojans
Unauthorised access to or use of systems
and data by employees or contractors
Malfunction
Pandemics and resultant inability to access
premises
Software error
Hacking by unknown parties
Seizure of IT assets by Governmental authorities
Extortion threats and denial of service
attacks, including spam and encryption
of key databases
Accidental loss or damage to data media
Cyber terrorism
Electromagnetic erasure of electronic data
Loss of internal power generation
Inadvertent destruction or inability to recreate
lost or damaged electronic data or records
What are the key benefits?
•
Protects residual loss from technology risks that are business critical
•
Allows cyber risk planning to form part of the wider business and risk management planning
process
•
Helps to gain consensus between the business and IT managers on critical cyber risk issues and
their management – protects the IT budget.
•
Enables the transfer of identified risks through insurance.
Why Principia Underwriting?
Our underwriting approach, policy offerings and service ethos are structured to recognise that risk is
not static. Our insureds need protection for events that stem not just from their own actions but also
problems caused by contractors and service providers that their business depends upon. This is
supply-chain underwriting.
For further information, please contact:
Chris Newton
Principia Underwriting
Gallery 4
Lloyd’s building
London EC3V 1LP
Tel: +44 (0)20 3037 8036 M: +44(0)7545 205902
chris.newton@principia-underwriting.com