Cyber insurance transfers some of the financial risk of a breach to insurers.
Coverage types
- First-party: Direct losses to your organization.
  - Business interruption.
  - Data recovery costs.
  - Ransom payments.
  - Notification expenses.
  - Public relations costs.
- Third-party: Liability for others' losses.
  - Legal defense costs.
  - Regulatory fines and penalties.
  - Customer notification.
  - Credit monitoring services.
Requirements
- Security controls assessment.
- MFA on privileged accounts.
- Endpoint protection (EDR).
- Backup and disaster recovery.
- Incident response plan.
- Security awareness training.
Exclusions
- Prior known vulnerabilities.
- Failure to patch critical systems.
- Acts of war or nation-states.
- Intentional acts by insured.
Underwriting process
- Security questionnaire.
- Technical assessment.
- Claims history review.
- Industry and revenue evaluation.