Authors: Ruth Benfield, Senior Associate, Real Estate and Alice Dockar, Partner, Real Estate, London
Cyber security affects all businesses and industries and is a Board level agenda item. As cyber-attacks are becoming more common (and hitting large institutions, such as Uber and the NHS) we are advising our clients to check the adequacy of their buildings and contents insurance policies and the building management, security and IT systems in their properties.
Buildings are particularly vulnerable to outside threats due to their reliance on technology for building management and security systems (for example fire alarms, sprinkler systems, automated air-conditioning, lifts, escalators, to name a few) which are often fundamental to the running of a commercial building. Such systems could be an easy target to hackers and the potential physical damage, destruction and disruption which could be caused makes the threat a real one. The risk for developers and landlords is therefore significant.
A cyber-attack which results in the destruction (or temporary failure) of such systems is likely to mean that tenants or their customers and employees are unable able to use or occupy the premises until new systems are installed, which could be a time consuming and expensive process. Imagine if a cyber-attack results in the activation of a building’s sprinkler system, causing severe water damage. Not only would a tenant be unable to use its premises until the water damage is repaired (resulting in loss of business) but also the cost of repairing the damage might not be covered by any existing insurance policy. This type of threat could affect a range of commercial properties, whether retail shopping centres, industrial units, offices or hotels.
Comprehensive insurance is important to ensure cover for such risks and it is also essential that building owners have adequate security systems in place to protect their management systems. Building management systems need to be both maintained and made secure and such costs should be recoverable through the service charge payable by tenants of a building, but individual leases should be checked to make sure this is the case.
To minimise insurance premium spend and potential overlapping of cover, your existing buildings and contents insurance policy should first be reviewed. If it already covers some cyber risks, any gaps could be plugged by a standalone cyber insurance policy. Questions arise as to whether the premium for taking out cyber-insurance can be recoverable through insurance rent payable by tenants. This depends on whether cyber-insurance for damage becomes commercially standard in the market as an insurable risk (for example internet terrorism), so that reinstatement and rent suspension would apply in the usual way.
Please check your insurance policies (or send them to us to have a look at) and review your building security systems. Do get in touch with us if you need any further advice or guidance.
Herbert Smith Freehills has also run a webinar: “Cyber Incidents: Understanding the Insurance Response“. This webinar uses a case study to take you through the various stages of a cyber incident, in particular:
- The crisis management considerations in play at each stage;
- How a cyber insurance policy may respond to different losses and exposures;
- The extent to which traditional insurance policies may also assist a corporate at different stages of a cyber incident; and
- Practical steps to ensure that you maximise insurance recoveries in the event of a cyber incident.
The speakers are from Herbert Smith Freehills (Greig Anderson, Partner, Insurance Disputes, Andrew Moir, Partner, Global Head of Cyber Security Practice and Sarah Irons, Professional Support Consultant, Insurance Disputes, all from the London office).
If you would be interested in viewing this webinar, please register your interest here.
For more information please contact: