What is not covered by cyber liability insurance?

Exclusions may include pre-existing breaches, intentional acts by insiders, and failure to maintain basic security measures.

Cyber liability insurance is designed to protect businesses from various cyber threats, but it doesn't cover everything. One exclusion is pre-existing breaches, meaning any data breaches or cyber incidents that occurred before your policy started won't be covered. This is similar to how health insurance doesn't usually cover pre-existing conditions. Another exclusion involves intentional acts by insiders, such as an employee deliberately leaking sensitive information or committing fraud. Cyber insurance typically won't cover these malicious internal acts since they are within the organization's control. Lastly, if a company fails to maintain basic security measures, such as using outdated antivirus software or not applying critical software updates, any resulting cyber incidents may not be covered. Insurers expect companies to take reasonable steps to protect their data and networks, and neglecting these basics could void coverage for certain incidents.

Imagine a small retail business that is hacked, leading to a data breach exposing customer information. If the breach occurred due to an outdated server that was known to be vulnerable before the business obtained cyber liability insurance, the insurer might deny the claim due to this pre-existing condition. Additionally, if an employee was found to intentionally leak this information, this act wouldn't be covered by the insurance. Finally, if the breach happened because the business failed to implement a recommended software update for six months, this lack of basic security maintenance could also lead to denial of claims.

To ensure you are well covered by your cyber liability insurance, regularly review and update your cybersecurity measures. Make sure your systems are up-to-date, use robust anti-virus software, and train your employees on cybersecurity best practices to prevent internal breaches. Additionally, clearly document any security measures you have in place, and stay informed about what your policy covers and excludes. By being proactive about cybersecurity, you can minimize the risk of uncovered claims and better protect your business.