Cyber insurance is a grey area for many but is becoming a critical component of IT. Cyber insurance policies can vary widely in terms of coverage and requirements, which can be quite confusing. Some policies may only cover the basics like security monitoring and notifications, while others are more comprehensive and cover bigger events like the cost of legal fees and public relations efforts in the event of a breach.

At the end of the day, it is critical to carefully review all lines of coverage in a cyber insurance policy prior to purchasing. There may be some details that surprise you. Below, we address some of the lesser-known facets of cyber insurance policies to look for before you sign on the dotted line.

  1. Many policies only cover the cost of first-party losses

    If your company is partnered with another business and they too happen to be impacted in the wake of a breach to your business, many policies will not cover their losses. However, in 2023, the tides are beginning to turn. Insurers looking to provide extended coverage may include third parties in their coverage. It is important to carefully review your policy for the specifics regarding third parties if you need this kind of coverage.

  2. Many cyber insurance policies do not cover the cost of future profits

    Yup, it’s a thing. Generally speaking, many cyber insurance policies exclude coverage for the loss of future profits impacted by a cyber event or breach. Given how severe outages can be, this may mean you are not made whole in the event of a serious breach.

  3. Cyber insurance is not a replacement for good cybersecurity practices

    While cyber insurance can provide financial protection in the event of a cyber-attack, it is important for businesses to also implement strong cybersecurity measures to prevent attacks from occurring in the first place – and to mitigate the severity when they do occur. Cyber insurance doesn’t always cover everything, so don’t turn a blind eye to maintaining good practices and cyber hygiene in your business just because you’re covered.

    In 2023, expect multi-factor authentication to be a requirement from all cyber insurance providers. Beyond that, many insurers will look for cyber security programs that include passwordless authentication, a business continuity and disaster recovery plan, managed endpoint detection and response, and even a zero trust architecture. These elements will help your business thwart common phishing, spear-phishing, and ransomware attacks.

  4. Cyber insurance can be expensive, especially for small businesses

    The cost of a policy will largely depend on the size of your business and the specific type of data you handle. This helps insurers to determine the level of risk you face in the event of a breach. If the data your company possesses is highly sensitive and valuable, you may find that it is reflected in the price of your policy.

  5. Cyber insurers will likely require a 60-day application process

    This type of audit allows insurers to carefully evaluate your security posture. The timeline is important to consider when seeking coverage, as you’ll likely be faced with a wait before it takes effect. That being the case, it is especially important to invest in strong, modern cyber-security practices to ensure the audit goes favorably.

  6. Cyber insurance policies have a 12-month term

    The digital world is volatile and cybercriminals continue to create attack methods that are sophisticated and aimed at working around cyber security programs. Things change fast, and because of this, most policies are only good for 12 months before renewal. That being said, make sure your business continues to invest in security and modern infrastructure, so you don’t see any future gaps in coverage.


Although cyber insurance may be a brave new frontier for many businesses, it doesn’t have to be confusing. When it comes time to look for a policy that is right for your business, make sure you’re familiar with what needs to be addressed and prepared with a cybersecurity strategy that is modern and effective.

If you have failed an audit, or want some help with getting your IT modernized, please contact us.