A series of technical problems—from alleged cyber-attacks andinternal errors—interrupted major news organization websites thisweek, causing website outages and exposing reporters’ privateinformation.

“There has been a paradigm shift in the cyber market, where wehave moved away from pure privacy or data breach into challengingfirst-party areas of Business Interruption (BI), resilience, anddata loss,” says Phil Mayes, senior vice president of Lockton’sGlobal Technology and Privacy Practice.

On Thursday, the Syrian Electronic Army (SEA), supporters ofSyrian president Bashar al-Assad, redirected Washington Postreaders to its own website and broke into reporters’ social mediaaccounts, stating that it also attacked Time Magazine and CNN.

The SEA was responsible for a Twitter hack in April that causedthe AP to falsely report a White House bombing, causing the stockmarket to crash by $136 billion for five minutes.

“We have taken defensive measures and removed the offendingmodule,” the Post’s managing editor stated, saying no other issuesreportedly affecting the newspaper’s website.

Just a day earlier, the New York Times website crashed for abouttwo hours, ostensibly the result of an internal maintenance glitch,months after Chinese hackers infiltrated the newspaper’s website inJanuary.

According to the Times, the website went down at around 11:10 AMand returned around 1:15 PM but experienced spotty service until 3PM, the failure falling within peak website traffic hours on a daywhen more than 7.1 million people visited the site.

“The outage occurred within seconds of a scheduled maintenanceupdate being pushed out, and we believe that was the cause,” thepaper quoted from Eileen Murphy, New York Times Companyspokeswoman.

The fallout from cyber breach falls under first-party areas ofBI and loss of revenue, which also leaks into third-party liabilityissues, as when a news organization is unable to deliver thewebsite views it promised in a contract with its advertisers.

Mayes says, “Ordinarily, when insurers talk about cybercoverage, they will only cover costs associated with reputationalharm—engaging a PR firm or call center to handle an influx ofcustomer inquiries—but not cover for the monetary loss related toloss of trust.”

According to Mayes, if a company experiences a $100 cyber loss,$30 will be from customer notification and other immediatefinancial damage, and the remaining 70 percent is the loss offuture income. Based on this information, he says the London marketis developing a model to concretely cover the immediate andlong-term costs of a data breach.

Timing and wording are also critical to the outcome of a cyberclaim, says Joshua Gold, insurance policyholder attorney at lawfirm Anderson Kill & Olick.

“Even if a policyholder buys new, 21st-century perils cybercover, they have to understand the waiting period,” says Gold. “Oneissue I see all the time is a BI or income claim that is attachedto a waiting period, meaning the site has to be offline orinterrupted for a minimum amount of time. Whatever the cause of therecent interruptions, the sites were back up a few hourslater.”

He continues, “The waiting periods can be up to 28 or 48 hours.When considering cyber-related coverage, companies need todetermine the length of an outage that could be devastating, andfind a policy that starts protecting them the minute their systemgoes offline.”

Furthermore, says Gold, the cause of a website failure can makeor break a claim: many new policies will provide cover if there isproof of an outside hacking or denial-of-service attack, andemployee or extortion attacks can sometimes be considered underkidnap and ransom policies.