Claims for overtime or bonus pay are sometimes submitted for coverage under Extra Expense.

“Extra Expense” is defined as, “reasonable and necessary expenses incurred by the Insured Organization during the Period of Restoration to minimize, reduce or avoid Income Loss, over and above those expenses the Insured Organization would have incurred had no Security Breach, System Failure, Dependent Security Breach or Dependent System Failure occurred.”

“We paid our salaried and hourly employees a bonus for all of the hard work they did.”

Per the definition of Extra Expense, expenses (among other things) must be reasonable and necessary. Because of this, our policies will generally not cover discretionary bonuses, which are, by definition, not necessary, i.e., they do not have to be paid, e.g., pursuant to an employment contract.

“Our salaried and hourly employees worked overtime as a direct result of the cyber incident, shouldn’t all of these overtime hours be covered?”

Per the definition of Extra Expense, expenses (among other things) must be over and above those expenses the Insured would have incurred had no incident occurred. These expenses are often determined by looking at pre-loss expense averages as well as expense trends so as to measure the expense increase from baseline. Because of this, our policies will generally not cover overtime expenses unless they are specifically incurred as a result of the incident at issue.

Any additional payments to salaried employees would likely be considered discretionary and generally excluded from our policies.

“My staff could not work, but were still paid, therefore I should be compensated for that”.

If you had a loss of sales, then you did not receive the income needed to pay for the labor. The continuing labor would then be part of the calculation in determination of Income Loss (i.e. the “continuing normal operating expenses”).

However, if you DID NOT lose any sales, then you have received the income necessary to pay for the labor, even if the receipt of income was delayed due to the cyber event.

Ultimately, you need to have suffered a loss of sales in order to be compensated for the cost of unproductive staff. If you have received your normal income, then there is no measurable cost to your workforce being unproductive, since you are no more out of pocket than if your workforce had been working to normal capacity.

“I didn’t make a sale today – so it’s lost forever”.

Depending on your business, it’s possible the sale was delayed. This would be considered a make-up sale.

Examples:

• Medical
  • You’re a doctor and due to a cyber-event you cannot schedule patients for a day.
  • Once your systems are running, you are able to fit those patients into your future schedule without taking the place of other patients.

• Retail
  • A person walks into your store (or visits your website) and tries to purchase clothes, but due to a cyber-event the sale cannot be made.
  • Once your systems are running, the customer returns and purchases the clothing.
  • It is possible you try to mitigate the loss by offering some incentive (e.g. a discount) for those customers that could not make the purchase – this would be an Extra Expense.
  • It is possible you try to mitigate the loss by producing some advertising that would otherwise not have been created to attract customers – this would be an Extra Expense.

• Manufacturing
  • Due to a cyber-event, production stops and orders cannot go out.
  • Once your systems are running, you are able to fit the lost production into the production schedule and ship product to your customer.
  • It is possible you try to mitigate the loss by running additional shifts, working overtime and/or weekends to mitigate the loss – this would be an Extra Expense.

Accounts Receivable

• The policy is intended to make an insured whole based on the net income that could not be earned during the period of restoration.
• With regards to Accounts Receivable, this relates to revenue that has been earned, just not yet collected.
• During the Period of Restoration there may be a decrease in the amount collected, but the measurement of loss pertains to that revenue which was not earned during the period. Providing cover for revenue that will, after the Period of Restoration, go on to be collected would result in a double recovery for an insured and therefore cannot fall for coverage.

It is understood that companies are constantly working on ways to improve their business and generate revenue. There are opportunity costs that can be incurred as a result of a cyber loss, but which are not compensable as the insured may not be able to identify a true measurable financial loss. Our policies will generally exclude any loss of market or any other consequential loss. The opportunity costs incurred as a result of the loss may not be identifiable as Net Income or Loss that would have been earned or incurred during the Period of Restoration. 

Example

• An insured is in the research and development stage of a new product. Due to a cyber event, the work performed during this period had to be redone and therefore pushes the whole project out and possibly leads to a lost sales window in the future.
  • The possible financial affect (loss of Net Income) is outside of the Period of Restoration.
  • It is unknown if and when the product would ever achieve sales and what those sales would be.