What is not covered by cyber insurance?

Cyber insurance is designed to protect individuals and businesses against losses resulting from cyber attacks, data breaches, and other cyber incidents. However, like any insurance policy, there are certain exclusions and limitations that may not be covered by cyber insurance.

Here are some examples of what may not be covered by cyber insurance:

1. Intentional acts: Cyber insurance typically does not cover losses resulting from intentional acts or fraud committed by the policyholder or its employees.
2. Known vulnerabilities: If a policyholder fails to address known vulnerabilities or security gaps in their system, the insurer may deny coverage for losses resulting from a cyber attack.
3. Unapproved software: If the policyholder uses unapproved or unlicensed software, the insurer may deny coverage for losses resulting from a cyber attack.
4. Losses not related to cyber incidents: Cyber insurance typically only covers losses resulting from cyber incidents, such as data breaches, cyber attacks, or system failures. It may not cover losses resulting from other causes, such as natural disasters, human error, or theft.
5. Regulatory fines: Cyber insurance may not cover fines or penalties imposed by regulatory agencies for non-compliance with data protection laws.
6. Losses from third-party vendors: Cyber insurance may not cover losses resulting from third-party vendors or service providers, unless specifically included in the policy.
7. War or terrorism: Cyber insurance policies may exclude losses resulting from acts of war or terrorism.

It is important to carefully review the terms and conditions of a cyber insurance policy to understand what is covered and what is not covered.

Learn more about At-Bay’s Cyber Insurance coverage highlights