“We have taken defensive measures and removed the offending module,” the Post’s managing editor stated, saying no other issues reportedly affecting the newspaper’s website.

Just a day earlier, the New York Times website crashed for about two hours, ostensibly the result of an internal maintenance glitch, months after Chinese hackers infiltrated the newspaper’s website in January.

According to the Times, the website went down at around 11:10 AM and returned around 1:15 PM but experienced spotty service until 3 PM, the failure falling within peak website traffic hours on a day when more than 7.1 million people visited the site.

“The outage occurred within seconds of a scheduled maintenance update being pushed out, and we believe that was the cause,” the paper quoted from Eileen Murphy, New York Times Company spokeswoman.

The fallout from cyber breach falls under first-party areas of BI and loss of revenue, which also leaks into third-party liability issues, as when a news organization is unable to deliver the website views it promised in a contract with its advertisers.

Mayes says, “Ordinarily, when insurers talk about cyber coverage, they will only cover costs associated with reputational harm—engaging a PR firm or call center to handle an influx of customer inquiries—but not cover for the monetary loss related to loss of trust.”

According to Mayes, if a company experiences a $100 cyber loss, $30 will be from customer notification and other immediate financial damage, and the remaining 70 percent is the loss of future income. Based on this information, he says the London market is developing a model to concretely cover the immediate and long-term costs of a data breach.

Timing and wording are also critical to the outcome of a cyber claim, says Joshua Gold, insurance policyholder attorney at law firm Anderson Kill & Olick.

“Even if a policyholder buys new, 21st-century perils cyber cover, they have to understand the waiting period,” says Gold. “One issue I see all the time is a BI or income claim that is attached to a waiting period, meaning the site has to be offline or interrupted for a minimum amount of time. Whatever the cause of the recent interruptions, the sites were back up a few hours later.”

He continues, “The waiting periods can be up to 28 or 48 hours. When considering cyber-related coverage, companies need to determine the length of an outage that could be devastating, and find a policy that starts protecting them the minute their system goes offline.”

Furthermore, says Gold, the cause of a website failure can make or break a claim: many new policies will provide cover if there is proof of an outside hacking or denial-of-service attack, and employee or extortion attacks can sometimes be considered under kidnap and ransom policies.