Exclusive first look at Coalition’s new cyber claims dataGet the 2024 Cyber Claims Report
Cyber Incident? Get Help

What does a cyber insurance policy cover?

Digital transformation has amplified the cyber risks faced by organizations of all sizes. Cyber insurance coverage can offer protection — but not all policies are alike. Here are some key considerations to help find the right fit.

Woman reading documents on a clipboard

Technology is the most significant driving force of change in today's digital economy. However, the innovations that have allowed businesses to thrive with nothing but a digital presence have accelerated digital risks, including cybersecurity incidents such as ransomware, data breaches, business email compromise, etc. 

Cyber crime is a lucrative criminal business model, and organizations of all sizes can fall victim to a cyber attack. In the second half of 2022, claims severity rose 56% for small businesses, showing that victims are often targets of opportunity. Cyber insurance provides coverage for financial, tangible, and intangible losses when digital risk transforms into a cyber incident.

Cyber incidents can damage more than computers and mobile devices. Businesses can suffer irreparable harm to their critical data, finances, and reputation. The right cyber insurance coverage can mean the difference between ceasing operations and getting back to business quickly.

Woman writing in an office booth
Attune About Background

The average ransom demand in H1 2022 was $1.8 million*. Protect your organization by partnering with Coalition.

How to evaluate cyber insurance coverage

Cyber criminals use a variety of attack tactics and techniques to extort or manipulate organizations for financial gain. Cyber insurance coverage protects organizations against the robust set of attacks hackers have at their disposal.

Cyber insurance is not designed as a one-size-fits-all, unlike other standard business risk policies, such as General Liability and Property. Whether you are evaluating the adequacy of your current cyber coverage or in the market to add cyber coverage insurance, work with an experienced broker who can help you understand the nuances between policies, and carefully review policy details and coverages.  All policies are not created equal.

What are the five main areas covered under cyber liability?

Not all cyber liability insurance policies are created equal, and cyber insurance coverage can vary between carriers and policies. To adequately protect your organization against digital risks, look for coverage that will make your organization whole if you experience one of the most common cyber events.

Funds transfer fraud coverage can replace or clawback funds One of the easier ways to monetize cyber crime is through funds transfer fraud (FTF), which threat actors often perpetuate through social engineering techniques like phishing or business email compromise (BEC). Once criminals have access to your business mailbox, they can manipulate your contacts and modify payment instructions, sometimes without even triggering any security alerts. Funds transfer fraud coverage should cover incidents where a cyber criminal misdirects funds. Coalition's claims team will work with law enforcement and the appropriate financial institutions to attempt to retrieve the funds.

Restoration and remediation of Digital Assets against Cyber Extortion and Ransomware attacks It has become clear that all organizations are vulnerable to this persistent digital risk of ransomware attacks, and organization size is not a predictor of risk. Paying such an exorbitant $1.8M ransom may prove untenable for many businesses. Cyber extortion coverage can cover the costs of the ransom itself, but policyholders should evaluate the hidden costs of remediating these attacks. In addition to covering the ransom fees, cyber insurance can also cover digital asset restoration to restore critical business data that may have been encrypted, damaged, or deleted during the ransom attack.

If employee or customer information was exposed as a result of the attack additional coverages may apply to the legal and reporting fees that result.

Emerging digital mitigated by Service Fraud and Computer Replacement coverage Two emerging digital risks include service fraud (cryptojacking) and bricking can be devastating for businesses not covered by a general cyber policy. Cryptojacking occurs when a cyber criminal steals an organization's computing resources to mine cryptocurrency for their benefit. A Service Fraud endorsement covers the direct financial losses a business faces when charged for fraudulent use of cloud-and internet-based services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Network as a Service (NaaS), IP Telephony and more. If devices on your network have seemingly suffered no physical damage, but malware has rendered them unusable, you've been a victim of bricking. There is no way to restore a bricked computer. Computer Replacement coverage will replace all impacted devices.

Network & Info Security Liability & Regulatory Defense & Penalties coverage to mitigate digital vendor risk Today, businesses commonly rely on vendors to store sensitive customer and employee data in the cloud. In many cases, they also rely on these vendors to conduct critical functions, including processing the company's accounts receivable or other essential IT-related activities. Should one of these cloud vendors experience a cyber incident, it can be costly to all businesses that rely upon the vendor's platform. Specifically, companies could be exposed to privacy claims, regulatory fines, and other business interruption costs, including lost income and extra expenses to get their operation back up and running. Even if your third-party vendor has cyber insurance, your contract with them may limit their liability to you. With Network and Information Security Liability (NISL) and Regulatory Defense and Penalties coverage, businesses can transfer your third-party liability risk, mitigating their responsibility in the event of a claim related to one of their vendors. Additionally, cyber insurance policies with Business Interruption and Extra Expense coverage address first-party losses from reliance on cloud vendors.

Bodily Injury and Property coverage help when digital risks become physical As digital infrastructure becomes more advanced and integrated into your business operations, the boundary between cyber and physical security has become increasingly blurred. For example, a cyberattack on a medical organization's network could impact the health and safety of patients undergoing treatment by disrupting the connected medical devices. Likewise, a manufacturing company's operations could be shut down entirely if connected machinery is attacked and cannot be accessed, such as in a ransomware attack, or destroyed with malicious commands sent to the machinery, causing it to perform unwanted actions. Unfortunately, general liability (GL) policies typically do not cover physical or non-physical risks resulting from a cyber incident. However, suppose your cyber insurance coverage includes Bodily Injury and Property and Pollution coverage (first and third-party). In that case, your organization can remain protected from digital risks that translate to physical impacts.

What does cyber insurance not cover?

As with most insurance policies, there are specific exclusions that a cyber insurance policy may not cover. Things that may be exclusions in your cyber insurance policy include: 

  • Resulting loss of future revenue (that is to say, loss of revenue or income that extends beyond the indemnity period - the period in which cyber policies will provide business interruption and extra expense coverage, typically 180 days)

  • Cyber attacks can result in brand or reputational damage, and while cyber insurance coverage can extend to reputational harm, that doesn't extend to a company's valuation

  • Errors and Omissions liability - cyber policies will provide third-party protection for claims arising from a security failure, data breach and/or privacy liability. Still, they may not respond to a claim against you for a violation of your reasonable standard of care with your professional services. Specific industries can purchase Technology E&O to mitigate this risk.

  • Cyber insurance does not cover employment, discrimination, and directors & officers-related claims. You’ll need a separate policy for management liability insurance.  

For an extensive list of coverage exclusions, it is best to work with a qualified cyber insurance broker to review specific policy language and any unique requirements for your region or industry.

What are common cyber insurance coverage misconceptions? 

Unfortunately, many companies still don't have cyber insurance. Some estimates say that only 10 to 15% of small and medium-sized businesses have cyber insurance. These same businesses may think that they are too small to become the target of a cyber attack.

However, Cyber criminals are finding it more profitable to target small and midsize organizations due to their ability to automate attacks and because the rush to support hybrid work models has left more businesses vulnerable. In fact, many smaller organizations with limited resources may overlook significant security risks or lack the means to address them. Additionally, the technologies that support distributed workforces provide threat actors with new ways to infiltrate any company's network.

Threat actors are no longer looking only to monetize employee or customer data; they take advantage of an organization's reliance on it. Typically, a ransomware attack involves encrypting or deleting some or all of an organization's critical information or data and holding it hostage at a high price. Even an organization's relationship with third-party vendors such as IT service providers, customer relationship management (CRM) platforms, and cloud computing providers has become a commodity to exploit. Many organizations rely on third-party vendors for critical business services, and as such, if the vendor experiences a security breach, its partner organizations could well be impacted.

For the vendor and technology organizations, third-party and errors and omissions (E&O) liability also be costly. Even if they are not to blame for the breach, notification and litigation processes can be expensive in both time and money.

How much does cyber insurance typically cost?

Coalition determines each business' risk using our proprietary data platform that evaluates a company’s externally facing exposures, while monitoring current and emerging cyber threats. By adopting the perspective of threat actors, viewing a businesses’ exposures through the lens of their vulnerabilities, this results in a more accurate depiction of their risk, which we incorporate into pricing. Our scanning tools provide early indicators of exploitable cyber targets which then helps inform the underwriting process.

What is unique about Coalition’s cyber insurance coverage?

We found existing cyber insurance policies lacking, so we created our own. We are proud to offer what, we believe, is the most comprehensive cover for technology risks of all forms.  Coalition's Active Cyber Insurance provides policyholders with technology and expert support before, during, and after an incident. Coalition is the only cyber insurance provider with a dedicated in-house claims and incident response team. Coalition Incident Response (CIR) will help remediate the event that allowed the attacker to gain access to your network, conduct forensic analysis, and restore the infected mailboxes. Additionally, the $0 SIR for CIR endorsement amends coverage to eliminate your Self Insured Retention (SIR) for the costs of services provided by our in-house incident response team.But a cyber incident is much more than a digital investigation. Our cyber insurance coverage includes the legal, incident response, forensics, and PR costs following a breach and the costs to notify your customers and provide credit monitoring. Additionally, we cover the financial losses associated with a security incident — whether paying a ransom, funds transfer fraud losses, or lost funds while your business is offline. Many cyber insurance policies exclude coverage for property damage, bodily injury, pollution losses, or bodily liability that might result from a cyber attack. Coalition offers coverage by endorsement for all three of property damage, bodily injury, and pollution.

Attune About Background

Brokers, if you're interested in offering Coalition cyber insurance to your clients, click below to get appointed. If you have questions about your organization's cyber risk score, try our Cyber Risk Assessment — it's completely free.

2023 Cyber Claims Report