The International Underwriting Association (IUA) has urged the cyber insurance market to adopt a formal protocol for handling business interruption claims across layered tower structures. The call comes in a new report published jointly with advisory firm Baker Tilly.
The paper, titled Split Market Reviews in Cyber BI Towers: Why It’s Time for a Rethink, identifies coordination failures that slow the resolution of complex cyber BI claims.
Where multiple insurers provide separate coverage layers for a single large risk, reviews become fragmented. Duplicated effort and inconsistent procedures follow.
The IUA argues that an agreed framework covering expert appointments, fee-sharing arrangements and information flows would bring greater consistency to the process.
The 2024 Change Healthcare breach affected more than 100 million people and caused financial damages exceeding $4 billion. The ransomware attack, meanwhile, on CDK Global disrupted nearly 15,000 automotive dealerships across North America.
Both events demonstrated how a single cyber incident can spread rapidly across businesses sharing the same platforms.
Joe Shaw, IUA director of claims, said each party within a layered structure ultimately shares the same goal.
“Each organisation, within often quite intricate insurance structures, is working towards the same goal – an efficient and fair resolution of the claim,” he said. “Yet a lack of coordination can inadvertently introduce delays.”
Shaw said a protocol embedded in tower policy wordings could set clear expectations for all participants.
“A market protocol sitting within a tower policy wording could provide clarity for all participants on what to expect if and when an incident occurs.”
The friction is well documented. Baker Tilly has handled more than 200,000 cyber BI claims and found that two factors drive most disputes: the time taken to reach settlement and disagreements over the size of the claim.
Both issues point to the absence of a shared process, rather than any fundamental disagreement over coverage itself.
Ben Hobby, partner at Baker Tilly, said business interruption remains one of the more demanding components of a cyber claim.
“We are therefore delighted to partner with the IUA on this report, where we share some of our thoughts and observations, based on our own claims experience, of what a market protocol could include to help smooth the process for insurers and policyholders alike,” he said.
The report notes that cyber insurance is still a relatively young sector compared to established lines such as property. Many claims handlers are still building their BI experience as the market grows.
The IUA plans to convene market practitioners in the coming months to examine potential solutions and next steps. The association runs two formal cyber forums in the London company market: a Cyber Underwriting Group and a Cyber Reinsurance Committee.
