Every cyber policy should be tailored and unique to your business risk. But a stand-alone standard cyber insurance policy is built on key foundational pillars of coverage: first-party loss, third-party liability, and incident response.

1st party losses (Your operational costs)

  • Business interruption costs: Covers lost profit and the additional expenses required to maintain business operations during downtime.
  • Dependent business interruption costs: Covers lost revenue if a critical third-party supplier’s systems fail, such as payroll software or CRM platforms.
  • Digital asset restoration costs: Pays for the recovery, re-creation, and/or restoration of software systems and configuration of data that has been damaged, deleted or encrypted.
  • eCrime: Covers the financial loss from digital fraud.
  • Reputational harm: Covers lost revenue from a measurable decline in client confidence.
  • Hardware replacement: Covers the repair or replacement of damaged IT equipment.

3rd party liabilities (Claims made against you)

  • Payment of regulatory fines: Where insurable by law, the policy will pay ICO fines or penalties.
  • Data & network privacy liability: Covers damages and legal costs if you are held liable for a privacy breach.
  • Defence fees & court attendance costs: Pays solicitor fees and related expenses to defend you in court.

Incident response

  • Recovery team: Provides 24/7 access to technical, forensic, legal, PR, and ransom negotiation experts to contain an incident and recover as quickly as possible.

What are the standard exclusions in a cyber insurance policy?

  1. War exclusions: Losses caused by acts of war, terrorism, or nation-state cyber attacks.
  2. Critical vulnerability exclusion: Claims may be denied if an attack exploited a known, unpatched critical vulnerability that the insured failed to remediate within a set timeframe.
  3. Professional services exclusion: Losses arising from errors or negligence in the insured’s delivery of professional services to clients (e.g., consulting, IT services).
  4. Widespread events exclusion: Losses tied to mass cyber incidents (such as global ransomware outbreaks or internet infrastructure attacks). They could impact many organisations at once and create catastrophic exposure for insurers.
  5. Funds transfer fraud without dual authentication: Losses from fraudulent transfers if the insured didn’t use required safeguards, like multi-factor or dual authorisation, before releasing funds.

What triggers a claim in a cyber insurance policy?

In the event of a cyber breach, the coverages included in cyber insurance policies can only be unlocked if the right triggers are in place. The broader the definition, the better, but the two most significant triggers of a policy are:

System failure

  • Ransomware encryption
  • Malware infection
  • Database crashes
  • Email server outages
  • Denial-of-Service (DoS/DDoS) overloads
  • Cloud service disruption
  • Failed patches

Security breach

  • Unauthorised access
  • Exfiltration of sensitive data
  • Loss or theft of devices
  • Phishing or credential compromise
  • Privilege escalation
  • Accidental disclosure
  • Third-party/vendor breach

How to claim on your cyber insurance policy?

Claims handling isn’t a handoff, it’s a relationship. Your broker needs to be embedded in the claims process from day one. The focus needs to be on returning your business to normal and recovering your financial loss as efficiently as possible.

  1. Notify your incident response team and your broker of a suspected breach
  2. The incident response team will coordinate with the vendors on your policy and respond to the breach
  3. The insurer ensures the payment of claim expenses and enables the policyholder to get back to business as usual.

According to Coalition’s 2025 Cyber Claims Report, businesses in the consumer staples industry (agriculture, food and beverage, personal hygiene, etc.) experienced the highest claims frequency in 2024, increasing 17% YoY to 2.60%, with an average of 2.29% over the past three years.

FAQs

Does cyber insurance cover ransomware attacks?

The Cyber Security Breaches Survey 2025 (by the UK government) shows that ransomware directly affected 19,000 businesses. Due to its rise in prominence, a standard cyber insurance policy will cover the first-party, third-party and incident response costs of all ransomware attacks.

Are GDPR fines insurable under a UK cyber policy?

Not always. Some costs linked to GDPR investigations can be covered, such as defence and settlement expenses, but UK law prohibits insurers from paying certain regulatory fines outright. The wording varies by insurer, which is why brokers push for extensions that give clients the broadest protection possible.

Does cyber insurance cover supply chain attacks?

Yes, most standalone cyber policies include ‘dependent business interruption’ cover, which responds if a third-party supplier’s breach directly impacts your operations. The key is proving the link between the supplier’s outage and your loss. Strong policy wording makes the difference between a paid claim and a denial.

How quickly can you make a claim under a cyber policy?

There is no ‘one size fits all’ timeline for a claim process, but speed is vital. Policies are written on the basis that you notify your insurer or broker the moment a breach is detected, usually through the 24/7 incident response hotline listed in your policy. Early notification is what triggers forensics, legal, and PR support.