Although cyber litigation is still evolving, there has been little opportunity to consider the value of expert witnesses and consultants in these cases. However, as we begin to see more claims and litigation, there will be no question that expert witness testimony and consultation will play a larger role in cyber security. Consequently, the evidentiary weight given to expert witness testimony and credibility related to cyber litigation will be a growing concern.
In particular, forensic accountants are expected to be called upon to quantify any alleged economic damages caused by a cyber incident. In the whitepaper, “How Forensic Accountants Help In Cyber Breach Cases,” published by the accounting firm HSNO, it states that a forensic accountant may look at documents including, but are not limited to: historical company performance, financial statements, forecasts or projections, interviews with company management, a review of the types of data lost or accessed and a review of laws and obligations following a breach.
In another recent report, “A Guide To Calculating Business Interruption Losses Related To Standalone Cyber Policies,” HSNO addresses considerations to measure Business Interruption (BI) damages related to cyber incidents. In its report, HSNO defines BI as the amount equal to “the loss of net income plus continuing costs not earned.” In measuring BI, the HSNO whitepaper states its experience has indicated that “the top three measurement issues between claimed and calculated BI issues in order of frequency are: sales projections, period of indemnity and saved costs-ordinary payroll” for forensic accountants. The whitepaper analyzes measures for BI claims in the context of cyber claims in the following manner:
- Sales Projections: In general, the first step in a forensic accountant’s calculation is to determine the “But For” sales, which analyzes the amount the sales would have been “but for” the particular event. In determining sales projections related to a cyber incident, the report explains that “forensic accountants will likely be looking at the entire company as opposed to just one particular location or region, which is usually the case with a fire or hurricane.” Further, these calculations may be further impacted when BI is being calculated for “a new business, a vastly changing market or a new product.” In order to limit the impact of these variables, the report recommends taking time to gather sufficient information to obtain “the ‘more correct’ projection.”
- Period of Indemnity: The Period of Indemnity is “the time period for which indemnity or compensation is payable under a business interruption policy.” Here, a forensic accountant can be used to determine the monetary amount of the damages for each day the breach caused a network to be down. However, an accounting expert would not be able to assist with the amount of time or number of days a computer network should reasonably be down. That is a determination to be made by a technical expert.
- Saved Costs-Ordinary Payroll: In the context of a cyber claim, saved (avoided) costs would be incurred for payroll, or if the targeted company decides to “pay non-productive employees during the outage period or have a layoff.”
At present, studies have found that BI related to cyber incidents is a top concern, considering the potential for lost revenue caused by ransomware or some other cyber incident. As a result, expert opinions and testimony related to BI will become imperative for cyber claims in the near future.
It has been clear for some time that insurers, brokers, underwriters and policyholders all need to work together in order to get the full value out of cyber insurance. In the same manner, insurers, counsel and experts will need to coordinate efforts in order to properly value damages related to a cyber claim. While cyber incidents may cause damage differently than traditional perils, such as a hurricane, in the end, the BI damages will be calculated in the same manner.