When a cyber incident strikes, the financial pressure on affected businesses is immediate. But access to insurance funds rarely follows at the same pace.
Settlements on cyber BI claims can drag on long after the damage is done, and Marsh Risk has introduced a new endorsement framework to address that directly.
The framework creates a negotiated pathway for advance and interim payments. Insurers can pay approved incident-response firms directly, so policyholders do not have to cover early recovery costs out of pocket.
It mandates interim payments for undisputed BI losses and sets a standardised evidence package to shorten insurer review times. Clearer policy language on when response costs and BI losses are eligible for payment targets the ambiguity that most often slows settlements.
That ambiguity has been a persistent problem for brokers and policyholders alike. BI policy wording, including waiting periods, sub-limits, and whether coverage responds to partial shutdowns, is frequently misunderstood. Those gaps tend to surface only when a claim is already in motion.
“Settling cyber business interruption claims can be a protracted, documentation-heavy process,” said Greg Eskins, global cyber product leader at Marsh Risk. “Our framework is aimed squarely at the operational and financial realities our clients face when they are trying to recover from a cyber incident.”
Eskins said the goal is to reduce out-of-pocket expenses, accelerate payments, and cut complexity around documentation requirements so clients can focus on recovery.
The volume of claims feeding into that process keeps growing. Coalition’s 2026 Cyber Claims Report found that cyber claims frequency rose 3% in 2025, while average severity fell 19% to $116,000. Business email compromise and funds transfer fraud together made up 58% of incidents, each carrying their own evidence requirements.
The pressure to move fast starts from the moment an incident is detected. A 2025 analysis by Marsh’s Cyber Risk Intelligence Center found that organisations with tested incident response plans consistently recorded lower claims severity. This points to a direct link between early operational readiness and smoother claims outcomes.
The stakes around BI coverage have risen sharply. BI is frequently sub-limited or excluded in cyber policies. Brokers face growing pressure to stress-test programs against real loss scenarios before a claim does it for them.
Marsh said it is actively working to expand carrier participation beyond the current five insurers and extend the framework to additional markets globally.
