FAQ Cyber Insurance

Frequently Asked Questions About Cyber Insurance

Cyber insurance gives businesses the confidence that they are protected from the negative impact of a breach. Cyber Insurance can cover a wide range of issues from damaged electronics, ransoms, and the effects on brand reputation.

With cybersecurity attacks featured prominently in the news, it’s safe to say most people have heard of a cyber-attack being perpetrated against a company they’re familiar with. 

Even if you know about the dangers of these attacks, you might still have some questions about cyber insurance. 

  1. What is Cybersecurity Insurance?

Cybersecurity insurance, also called cyber liability insurance or cyber insurance, is a contract that a business can purchase to help reduce the financial risks associated with doing business online. Any company that conducts any part of their business online (emailing, selling etc) needs a cyber insurance policy. In exchange for a monthly or quarterly fee, the insurance policy transfers some of the risks to the insurance company.

  1. How does Cyber Insurance Work?

This coverage protects companies from liability and reimburses companies for expenses related to a data breach, which could include legal counsel and defense. 

Other expenses that could be included in coverage are a digital forensics team, notification costs, crisis communications, setting up a call center, and credit monitoring for those affected by the data breach.

To get the specifics of what your policy covers please speak to your agent. 

  1. What is covered by Cyber Insurance?

There are several types of cyber insurance policies that businesses can purchase to protect themselves from various cyber risks. Some common types of cyber insurance policies include:

  1. Data breach insurance: This type of policy covers the costs associated with a data breach, such as legal fees, investigation costs, and customer notification expenses.
  2. Network security insurance: This policy covers losses due to cyberattacks or other security breaches, including loss of income and costs associated with business interruption.
  3. Cyber liability insurance: This policy covers liability claims arising from cyber incidents, such as data breaches or cyberattacks.
  4. Media liability insurance: This policy covers defamation, libel, or slander claims that may arise from content posted online, such as on social media or a company website.
  5. Technology errors and omissions insurance: This policy covers claims related to errors or omissions in technology products or services provided by a business, such as software bugs or programming errors.
  6. Cyber extortion insurance: This policy covers losses related to cyber extortion, including ransomware attacks or threats to release sensitive information.
  7. Privacy liability insurance: This policy covers claims related to violations of privacy laws or regulations, such as GDPR or HIPAA.

It’s important to note that different insurance providers may have different names for these coverages or may offer them in slightly different variations. It’s always a good idea to carefully review the terms and conditions of a policy with your agent before purchasing coverage.  

  1. What does Cyber Insurance not cover?

While cyber insurance policies can offer significant coverage for many types of cyber risks, there are some exclusions and limitations to what they will cover. Some common exclusions and limitations of cyber insurance policies include:

  1. Acts of war: Most cyber insurance policies exclude coverage for cyber-attacks that are considered acts of war or terrorism.
  2. Intentional acts: Coverage may be excluded for losses that are caused intentionally, such as by an employee or contractor who intentionally steals or damages data.
  3. Known vulnerabilities: Some policies may exclude coverage for losses resulting from known security vulnerabilities that have not been addressed.
  4. Poor cybersecurity practices: Coverage may be limited or excluded if a company has failed to implement reasonable cybersecurity measures, such as failing to install security updates or using weak passwords.

Some insurers provide education and resources to improve your business’s practices. 

  1. Non-cyber incidents: Cyber insurance policies are designed to cover cyber risks, so losses resulting from non-cyber incidents such as fire or natural disasters may be excluded.
  2. Third-party software: Some policies may exclude coverage for losses resulting from third-party software, such as vulnerabilities in a cloud provider’s infrastructure.
  3. Reputational harm: Many cyber insurance policies do not cover losses resulting solely from reputational harm, such as negative publicity or a loss of trust from customers.

It’s important to carefully review the terms and conditions of a cyber insurance policy with an experienced insurance agent or broker.

  1. Who needs Cyber Security Insurance?

Cyber liability insurance, sometimes called cyber security insurance, is a key policy for any business that stores or processes sensitive information online. Consider coverage if you store data such as customer names and addresses, date of birth, email address, Social Security numbers, medical records, and financial information such as credit card information and bank accounts.

  1. Is Cyber Insurance the same as Data Breach Insurance?

No, there’s a big difference between cyber insurance and data breach insurance. Cyber insurance covers the risk from first-party and third-party cyber incidents, while data breach insurance only covers damage to data.

A data breach occurs when sensitive or confidential information is accessed, stolen, or exposed by unauthorized parties, either through a cyber-attack or human error. Examples of sensitive data that may be covered by data breach insurance include personal information, credit card information, and medical records.

  1. What is cybersecurity?

Cybersecurity is a compilation of technology and network interface processes created to protect your company’s network, programs, computers, and data from a cyber-attack.

  1. What constitutes a cyber-attack?

A cyber-attack is when an outside entity infiltrates your business’s private network to shut down and steal your company’s, your employees, and your clients, sensitive information. This stolen information can be used for ransom and disseminated to the public. Cyber-attackers can target small businesses to gain access to larger companies and their systems as well. 

  1. Should a small business have cyber insurance?

Any business, whether large or small, should have cyber insurance if it handles sensitive customer data. If there’s a breach, the legal fees are often astronomical, and the liability is widespread. 

  1. Are there different types of cyber-attacks?

The different types of attacks include: the Trojan Horse, Phishing, Unpatched Software and the most well-known of them all, Malware.

  1. Trojan Horse: A Trojan horse is a type of malware that disguises itself as legitimate software or a harmless file, tricking the user into downloading and installing it on their device. Once installed, the Trojan horse can carry out a variety of malicious activities, such as stealing sensitive data, modifying, or deleting files, or granting unauthorized access to the infected device.
  2. Phishing: Phishing is a type of social engineering attack where an attacker uses fake emails, websites, or messages to trick users into giving away sensitive information, such as login credentials or credit card numbers. Phishing attacks often use urgency or fear to prompt users to take immediate action, such as clicking on a link or providing personal information.
  3. Unpatched Software: Unpatched software refers to software that has not been updated with the latest security patches or fixes. Attackers can exploit vulnerabilities in unpatched software to carry out attacks, such as remote code execution or data theft. It’s important for users to regularly update their software and apply security patches to help protect against these types of attacks.
  4. Malware: Malware is a type of malicious software that is designed to harm or disrupt computer systems or networks. Malware can take many forms, such as viruses, worms, spyware, or ransomware. Malware can be used to steal sensitive data, damage files, or take control of infected devices. Malware is often spread through phishing emails, malicious websites, or unpatched software vulnerabilities.


  1. Can I get a discount on Cyber Security Insurance?

If you meet the cybersecurity requirements of your insurer, they will offer discounts. Check with your agents to see if you qualify for any.

  1. Is there a difference between a cyber risk and a cyber threat?

Yes, a cyber threat is a potential for a security incident or attack. A cyber risk is the likelihood and potential impact of a loss resulting from a cyber threat. 

Cyber threat: A cyber threat refers to a potential security incident or attack that is aimed at exploiting a vulnerability in a computer system or network. Cyber threats can take many forms, such as malware, phishing, hacking, and denial-of-service attacks. Cyber threats can be intentional or unintentional and can come from a variety of sources, including hackers, cybercriminals, insiders, or nation-state actors.

Cyber risk: Cyber risk is a function of the likelihood and potential impact of a security incident or attack. For example, a company that stores sensitive customer data on its servers may face a high cyber risk if it has weak security controls or a vulnerability that could be exploited by a cyber attacker.

  1. Will my Cyber Insurance protect me if an employee caused the attack?

Yes, cyber insurance protects you in the event of a malware and phishing (and other network breaches) attack even if it has been caused by an employee. Limitations or exclusions may apply depending on the specifics of your policy and the situation. 

  1. What situations does Cyber Insurance not cover?

Cyber insurance doesn’t cover you if you have not made your premium payments or there’s reason to believe you have committed fraud. Limitations or exclusions may also keep you from getting coverage. 

  1. If I’m late on a payment, will my Cyber Security insurance be paused?

No, but your premiums could rise as a result. You’ll need to get on a payment plan or pay by the insurance company’s termination deadline to maintain coverage. 

  1. If I don’t have Cyber Insurance, what would it cost out of pocket to pay for cyber-attack damages?

Cyber-attacks cost companies an estimated $400 billion a year collectively. 

The cost of a cyber-attack for a small business can vary widely depending on a variety of factors, such as the size of the business, the nature of the attack, the type of data that was compromised, and the cost of responding to the attack. 

A single attack cost companies in the U.S. a median of $18,000 in 2022, up from $10,000 in 2021, according to the “Hiscox Cyber Readiness Report 2022.”

  1. Can I make annual payments for my Cyber Insurance coverage?

This will depend on the cybersecurity company you choose.

  1. How long would it take me to find out if my network has been attacked if I don’t have Cyber Insurance?

It takes companies an average of 200 days to learn they have fallen victim to a cyber-attack. If you have cybersecurity, your team will conduct routine check-ups to make sure your network has not been accosted and help give you time to notify those affected. 

  1. How long after a breach occurs do you have to report it without losing coverage?

Many cyber-attacks can take a significant amount of time to uncover. Explore the reporting timeframe for the policies you are considering.  If you feel like late discoveries might present a problem, consider checking if extensions to reporting are offered on your policy.

  1. After reporting a cyber-attack, how quickly does the provider respond?

Just like you have a responsibility to report a breach in a timely manner, your insurer should be contractually obligated to act quickly, too. Check out each prospective providers’ minimum downtown period. If it is 24 hours or longer, factor that into your decision-making process when selecting a policy. 

  1. How often will my insurer check to make sure my network is safe?

This depends on the cybersecurity agency you go with. Some conduct tests weekly and others monthly.

  1. Is the provider knowledgeable about your industry?

Some industries have very specific data compliance rules. Be sure the providers you are considering understand the data handling rules of your field before continuing with them. 

Keep in mind that cyber insurance is a relatively new type of insurance. You want to select a company with a proven track record of offering support and covering claims too. 

  1. How long does it take a Cyber Security company to process a claim?

It can take as long as two to three weeks or longer depending on the situation. 

  1. If a breach occurs, how does that affect your premium?

If you make a claim, understand that the claim will have an impact on your premium and likely increase it. Making a claim on a small breach might not be the best option because of its impact on your premium.

  1. What are the requirements for Cyber Insurance policies?

Before approving applications, most cyber insurance providers require a full cyber security evaluation. This ensures that businesses are taking proactive measures to lower their risk before purchasing cyber insurance. 

  1. How much does Cyber Insurance cost?

The cost will depend on the size of your business, the type of coverage needed, the level of risk your business has, and any prior claims history. 

  1. How to choose a Cyber Security Insurance policy?

Because cybersecurity insurance is new, policies will vary widely from one provider to the next. 

To choose a policy, businesses should: 

  1. Closely review policy details to ensure it contains the necessary protections and provisions. 
  2. Evaluate whether policies provide protection against known and emerging cyber incidents
  3. Look into the cyber insurers’ track record of providing support for cyber-attacks and paying claims. 

With the changing demands and rising costs of cyber insurance, it’s vital to work with a knowledgeable broker or agent. Contact or email Onyx now for a free cyber insurance quote!


More Posts

Send Us A Message

Scroll to Top
Skip to content