Cyber insurance policy terms explained

Insurance policy documents can be hard to understand even if you’ve already bought insurance before. Here are a few common terms you may see, explained.

Cyber insurance is relatively new, so there’s a whole new glossary of terms and conditions you need to understand.

First party vs third party cover

These two terms refer to the two main types of cyber insurance available to business owners.

  • First party is your protection against the direct consequences of a cyber-attack
  • Third party kicks in to cover the impact on people and businesses outside your company

First party cover is there for business interruptions, loss of important data or equipment, and to an extent, communication costs that are incurred when informing your staff and customer base of what’s happened.

This kind of cover should also provide insulation against the costs of investigating the incident.

Third party cyber insurance is there to cover claims for financial losses to your customers, suppliers or any third party that works with your business.

For example, if a client sues you because their sensitive data was compromised and this caused them a financial loss.

It will also cover the costs that could follow your company inadvertently infecting others with malware, and forensic investigations that are needed after the attack.

You can find out more about what first party and third party cover offer by reading our guide on What cyber insurance covers.

Types of attacks and data breaches

Denial of Service (DoS) Attack

DoS stands for Denial of Service, a type of attack that has been in the media a lot in recent years.

This is when a company system, server or website is shut down by a flood of commands or requests sent by hacked computers. The flood overwhelms the system, causing it to crash or become unavailable.

DoS attacks are carried out on many different scales and have become a major component of organized cyber crime. Many government systems, global banks and massive corporations have fallen prey to this type of attack, so all businesses could be at risk.

A Distributed Denial of Service attack (DDoS attack) is a more sophisticated version of a DoS attack, in which the flood of requests is generated from many different locations, making it much harder to stop.

Employee data breach

If sensitive or proprietary information is leaked as a result of employee negligence or a mistake, this is called an employee data breach and is one of the most common cyber attacks.

Many breaches occur because an employee has unwittingly downloaded a malicious file, installed bad software, clicked through to the wrong website or even accidentally left their computer somewhere.

Malware

Malware is an abbreviation of malicious software and refers to a broad range of nasty software programmes used in cyber attacks, including but not limited to:

  • Viruses
  • Trojans
  • Spyware
  • Worms
  • Adware
  • Ransomware

Malware can end up on your computer in lots of different ways, and often once one piece of malware arrives it can open the door to more to follow.

Cyber insurance policies should cover attacks that use most forms of malware, but always double-check the policy documents if you’re unsure.

Phishing attack

A phishing attack is an attempt to gain access to data, usually via email.

A phishing email is often made to look like it comes from a legitimate source, for example your bank, by using their branding and mimicking their design.

Phishing emails trick the person reading them into handing over or sharing sensitive data like passwords, bank details or network information.

According to Hiscox, 32% of all data breaches involve phishing and two thirds of phishing attacks also contain malware.

You can read more about Phishing attacks and how they work on the Hiscox website.

Ransomware

Just as people can be held for ransom, so can data.

This type of attack sees hackers locking your system down and demanding sums of money in order to unlock it. It’s an extremely common form of crime and is usually carried out by malware that you or your staff inadvertently let in via a malicious website, attachment or application.

These attacks result in a cessation of business activities, loss of income and potentially exorbitant costs should the ransom be paid.

The good news is that the majority of cyber insurance policies cover ransomware. You can find out more about how by reading our guide: What is Ransomware & how to guard against it.

Exclusions

These are the specific issues that a cyber insurance policy will not cover.

It is important to understand what these exclusions are, and to query them if they don’t look right or don’t look like they would work for you and your company.

Some common exclusions include:

  • Negligence: Where your company did not have the required security measures in place to protect against attack or contingency.
  • Bodily injury: This one may sound unlikely, and for most businesses it is, but it could be relevant if software is used for machinery or vehicles. If a tram driver is injured when the system that controls the tram network’s signalling is hacked, for instance, then there could be claims of bodily injury. Most policies would not cover costs incurred by an incident like this.
  • Intellectual Property: IP protection can be a complicated issue, with far-reaching consequences. Generally, you’ll need a dedicated IP insurance policy to cover yourself for IP breaches. Some cyber policies will cover the cost of IP data breaches, but it’s quite rare unless it’s specifically noted.
  • Wars and invasions: In the event of your country being invaded or attacked, most cyber policies won’t cover the damages incurred. Again, this will not often be an issue.

These are just some possible exclusions. Check any policy carefully, and when necessary ask what is excluded.

You can find out more about how Phishing attacks work and how to guard against them by reading our guide: How to protect your business from phishing scams

Other terms

Risk analysis

A risk analysis is essentially your insurance company’s insurance policy, because it protects them as much as you.

Many insurance companies will request that a risk analysis is conducted on your company before they provide cover.

A risk analysis should be conducted by an impartial third-party company, which will thoroughly examine your company’s systems, security measures and IT infrastructure to make sure that all possible measures are in place to protect you from attack or data breach.

This protects both you and the insurer: preventative measures make it less likely that you will need to claim, and by the same token, if you do claim, the insurance company cannot dispute that you had taken all the appropriate protective measures.

Encryption

Simply put, encryption keeps private information private.

Data is scrambled so that only people with the right credentials are able to unlock it. Having encryption in place can protect sensitive data even if a data breach occurs, as hackers may not be able to decrypt the data they have appropriated.

Intellectual Property

Intellectual Property (IP) is proprietary information that can be important to you or your business.

For example, Coca-Cola’s secret formula is the Coca-Cola Company’s most prized and fiercely protected IP.

Unfortunately, IP theft is a common occurrence. It’s important to know that IP is considered a different class of data, and most cyber-insurance policies won’t cover the consequences of an IP breach.

Policy Terms FAQs

These are simply the events that are covered by your cyber insurance policy, for example a data breach or cyber-crime.

Conditions are the things your business needs to do to remain covered by your insurance policy. Common conditions of cyber cover policies include:

  • Reporting a claim within a set time frame, e.g. within 7 days of becoming aware of a data breach.
  • Backing up your files on a regular basis, e.g. to a separate cloud storage location every 7 days.
  • Ensuring your business is protected by anti-virus software.
  • Taking reasonable care with your computer systems e.g. installing updates and patches.

Your policy document should include all the conditions of your cover.

Yes, you should be able to see a copy of the cyber insurance policy terms from your insurer before you purchase a policy. Many insurers have a copy of their terms on their website; alternatively, you can contact them directly to get a copy sent to you.

This depends on the insurer and what you would like to have changed. If you are taking out an “off the shelf” policy, then it is less likely that you will be able to have the policy terms altered.

If there is something you are unsure of, or you need something in the terms amended, speak directly with the insurer to discuss what you need before you proceed.

It is the period during which you suffer a loss of income or other costs, starting on the date of the cyber event, e.g. a data breach.

Written by Martin Lane, Head of Content
Martin is an experienced writer in the financial services sector previously serving as Managing Editor at with regular guest slots on BBC Radio 4 and featured in the national press.
