NYSE trading halt an insurance coverage wake-up callReprints
Last week's disruption of the New York Stock Exchange because of an apparent computer glitch may not have had a dramatic impact on the markets, but it should serve as a reminder to companies to examine their insurance coverage should they face similar problems.
The nearly four-hour trading halt came on the same day that computer problems led Chicago-based United Airlines Inc. to ground its fights for about two hours, and the Wall Street Journal's website temporarily went down as well.
Despite initial concern the problem was caused by a cyber attack, the incident apparently occurred during the course of a software update, and did not involve a data breach, observers say.
Jerry Irvine, chief information officer of Chicago-based Prescient Solutions, an information technology outsourcer, said he was “a little surprised” the upgrade occurred during working hours, rather than on the weekend.
“The big entitles know these types of disruptions are inevitable, and they're planning for it now so they minimize their losses. It's not a shock to them,” said Kevin Kalinich, Chicago-based global practice leader of cyber risk solutions at Aon Risk Solutions.
Furthermore, “There are over 60 trading platforms that were alternative exchanges where people could trade most of their equities and instruments,” he said. “The NYSE only accounts for 20% or so of the trading volume,”
A spokesman for Atlanta-based Intercontinental Exchange Inc., which operates the NYSE, could not be reached for comment on its insurance coverage.
The insurance involved depends upon “who you are in the chain,” said Mr. Kalinich — whether you are the entity that had the disruption, an entity that was trying to make a trade and unable to do so, or a third party beneficiary of a trade and a merger did not go through because the trade could not happen.
He noted also that it is likely the New York Stock Exchange had liability limits in its contracts with the firms with which it does business.
Experts say firms should examine their own insurance policies to determine whether they have coverage in comparable situations. Among the steps companies should take is to analyze existing legacy policies and, after a gap analysis, “explore cyber insurance to fill those gaps,” Mr. Kalinich said.
Companies “have to scrutinize their polices carefully and work with their brokers to make sure that they're getting” appropriate coverage for incidents where there is not a privacy breach, said Lon A. Berk, a partner with law firm Hunton & Williams L.L.P. in McLean, Virginia.