Written & reviewed by a licensed insurance professional — WJB Services, Inc. dba Bollinsure Insurance Services · CA DOI License #6013787
COVERAGE BREAKDOWN

What Cyber Liability Insurance Covers

Two layers of protection — what happens to your business, and what you owe others when something goes wrong.

First-Party Coverage — Protecting Your Business

First-party coverage pays for direct losses your business suffers following a cyber event — from breach response costs to lost revenue.

Data Breach Response

Forensic investigation to find the breach, legal counsel, regulatory notifications, credit monitoring for affected individuals, and PR crisis management. Typically covers all 50 states' notification requirements.

Ransomware & Cyber Extortion

Ransom payments to threat actors (subject to OFAC sanctions screening), professional negotiation, decryption and system restoration costs. Requires proof of encrypted backups at most carriers.

Business Interruption

Lost income and extra expenses when a cyber event takes your systems offline. Triggered by both attacks and accidental system failures (system failure coverage). Subject to a waiting period — typically 8–12 hours.

Cyber Crime / Funds Transfer Fraud

Covers losses from fraudulent wire transfers initiated by social engineering or BEC. Often a sublimited coverage; verify the sublimit matches your typical wire transfer amounts.

System & Data Restoration

IT costs to restore, recover, or recreate data and systems damaged or destroyed by a cyber event. Includes third-party forensic and recovery specialists.

Third-Party Coverage — Claims Against You

Third-party coverage pays when others sue or regulators investigate you because your security failure impacted them.

Network Security Liability

Claims by third parties alleging your security failure allowed malware to spread to their systems or enabled unauthorized access to their data.

Privacy Liability

Claims by individuals or regulators alleging violation of their privacy rights — including CCPA, HIPAA, GDPR, and other state or federal privacy laws.

Regulatory Defense & Fines

Legal defense costs and covered fines/penalties from regulatory investigations following a data breach. Coverage of fines varies by jurisdiction and policy form.

Media Liability

Claims of defamation, copyright infringement, or invasion of privacy arising from your online content, social media, or website.

KNOW YOUR LIMITS

Common Exclusions

Standard cyber policies don't cover everything. Understanding exclusions before a claim is essential — not after.

War / Nation-State Attacks

Most policies exclude losses attributable to acts of war or nation-state cyberattacks. Some carriers now offer limited coverage through a war buyback endorsement — ask specifically about this.

Bodily Injury & Property Damage

Physical harm to people or tangible property is covered under general liability, not cyber. Cyber events that cause physical consequences (e.g., medical device hacks) may need specialty coverage.

Prior Known Incidents or Circumstances

Cyber insurance is claims-made coverage. Known incidents or circumstances that existed before the policy's inception date are excluded.

Intentional or Criminal Acts

Losses arising from deliberate or fraudulent acts by the insured are not covered. This applies to insider threats acting at the direction of the business.

Infrastructure Outages (Utility / Cloud Provider Failures)

Outages caused by your cloud or internet provider are often sublimited or excluded. Some policies offer dependent business interruption coverage — verify before you bind.

Contractual Liability Beyond What You'd Owe Without the Contract

If you've assumed extra liability in a contract (beyond what the law would impose), that additional exposure generally isn't covered.

NEGOTIATE THESE

Critical Sublimits to Negotiate

These coverage areas are often sublimited — meaning they pay out less than your full policy limit. Know the numbers before you sign.

FUNDS TRANSFER
Social Engineering / BEC

Often $250K–$1M vs. your full policy limit. One of the most frequently claimed coverages — make sure the sublimit reflects your actual wire transfer exposure.

BUSINESS INTERRUPTION
System Failure Waiting Period

8–12 hours is standard. Some carriers offer shorter waiting periods for additional premium — worth negotiating if downtime costs are high.

RANSOMWARE
Ransomware Payment Conditions

Some carriers require proof of offline or immutable backups as a condition of ransomware payment coverage. Confirm these requirements before a loss.

REGULATORY
Regulatory Fine Coverage

Coverage for fines varies by state, regulator, and policy form. HIPAA fines, for example, may have separate sublimits or be excluded depending on the carrier.


Coverage depth

How cyber liability coverage should be reviewed before binding

What cyber liability insurance covers should be reviewed inside the full cyber policy, not as a one-line feature. Cyber coverage is built from definitions, exclusions, conditions, sublimits, retentions, waiting periods, approved vendors, and notice requirements. A strong proposal explains how those parts work together in a real claim.

The review should focus on the events the business could actually face: ransomware, unauthorized access, business email compromise, privacy notification, system restoration, dependent vendor failure, regulatory inquiry, and customer or client allegations. That is where wording differences become meaningful.

First-party costs

Look for forensics, breach counsel, notification, credit monitoring, data restoration, extortion response, business interruption, extra expense, and crisis communications.

Third-party claims

Review privacy liability, network security liability, media liability, regulatory defense, contractual allegations, and defense-within-limits wording.

Cybercrime and fraud

Funds transfer fraud, social engineering, invoice manipulation, and computer fraud can be separate, sublimited, or condition-heavy. Payment verification procedures matter.

Coverage review matrix

Trigger

What event must happen before coverage applies, and does the definition match the way the business uses email, cloud systems, remote access, vendors, and payment workflows?

Amount

Is the available amount the full policy limit or a smaller sublimit? Are defense costs inside the limit? Is there a separate retention or waiting period?

Process

Does the insured need carrier consent, approved vendors, immediate notice, law enforcement involvement, callback procedures, or preservation of evidence?

Gap check

Which related policies could overlap, and where do exclusions leave the business uninsured or dependent on a different form?

Common questions

Is every coverage described here included in every cyber policy?

Not always, and not always in the same way. Some policies include the concept broadly, some apply a sublimit, and some add conditions or exclusions that materially change the result.

What usually affects eligibility?

MFA, backups, endpoint protection, patching, remote access, prior incidents, revenue, data type, payment controls, industry class, and requested limits can all affect eligibility or terms.

What should I compare besides premium?

Compare the forms, endorsements, retention, sublimits, waiting periods, response vendors, claim procedures, financial strength, and whether the carrier's appetite fits the account.

Review discipline

What we document for cyber liability coverage

A complete cyber recommendation should leave a clean trail: why the limit was selected, which markets were compared, what controls affected eligibility, which sublimits were accepted, and what the insured should improve before renewal. That record matters because cyber claims are operational events, not just insurance paperwork.

We also separate what is known from what still needs underwriting confirmation. Carrier appetite, rating, issuing paper, state availability, subjectivities, taxes, fees, and final forms can change before binding. The buyer should understand those moving parts before treating any indication as final.