Modern data breaches often defy the neat categorisations that were once used to define the scope of insurance coverage. Cyber adversaries have grown more cunning, exploiting vulnerabilities in ways that weren’t anticipated when policies were first introduced. The result is a shifting threat landscape and evolving insurance offerings.
What does cyber insurance cover?
Cyber insurance usually covers financial loss suffered due to cyberattacks. For example:
- attacks caused by hackers;
- physical theft or loss of devices;
- data theft and leaks; and
- human error.
Who needs cyber insurance?
Cyber insurance is most important if your organisation collects, stores, and manages confidential or personal information, for example, personal names, identifiers, credit card information, and health records. However, even if you don’t have a data-intensive business, cyber insurance is an important financial protection for all digital businesses using the internet for communications, processing and storage of data.
Regardless of how many security protections your organisation has in place, cyber or data breach insurance serves as a crucial recovery measure for your firm, and helps you continue operations if you suffer a cyberattack. It can provide your firm with the funds needed to forensically identify the cause of the breach, and either to avoid the leakage of sensitive information or to allow integral systems to be replaced in a timely manner so that operations can restart.
What is not covered by cyber insurance?
Different cyber insurance policies will have different exclusions. Carefully review the details of your policy and consider how you might manage risks associated with those exclusions. It is crucial to select a policy that is right for your business needs, the type of data you handle and the way in which it is used.
Two common exclusions include:
- situations where someone sues your business for system vulnerability before any actual data breaches have occurred; and
- incidents arising from social engineering attacks, where a cybercriminal aims to manipulate or influence a victim into giving up control over a computer system or giving away sensitive information (for example, phishing attacks).
However, you can often extend your policy to include this coverage.
It’s also very important to meet your duty of disclosure under a cyber insurance policy. Incorrect or incomplete disclosure, whether at the point of applying for a policy or during the period of insurance, may result in claims being denied.
Costs of cyber insurance
The cost of cyber insurance can vary significantly depending on factors such as the scope of the policy, the size of the organisation, the strength of the organisation’s internal system safeguards, and the type of data and information the organisation stores or handles.
There are many policies available at competitive pricing which offer similar coverage. The most important consideration is whether the insurance policy aligns with your organisation’s needs at the most favourable cost. Numerous expert brokers specialising in this field can offer tailored advice to guide your business in selecting the most suitable policy and identifying which major insurers align best with your business’s needs.
Next steps
If your organisation does not currently have a cyber insurance or data breach insurance policy, investigate whether any policies would provide your business with the coverage needed to best protect your future operations.
If you require advice or have any questions, contact Sainty Law at lawyers@saintylaw.com.au.