Cyber insurance covers the financial costs you face when a cyber incident hits your business. These costs fall into two main categories: first-party coverage (costs to YOUR business) and third-party coverage (claims FROM others). Understanding what's included — and what sub-limits apply — is essential before you buy.
First-Party Coverage: Costs to Your Business
First-party coverage pays for the direct costs your organisation incurs responding to and recovering from a cyber incident.
- Incident response costs: Forensic investigation, breach containment, preservation and imaging of affected hardware for forensic examination, and emergency technical support to stop the attack and understand how it happened.
- Data recovery and system restoration: Costs to rebuild systems, restore data from backups, and return to normal operations.
- Business interruption losses: Lost revenue while your systems are down and you cannot operate. Also covers overtime and expedited recovery expenses.
- Ransomware and extortion payments: Where legally permitted, coverage may include ransom and other extortion payments (though many policies now exclude ransom payments, partly to avoid funding criminal activity).
- Breach notification costs: The expense of informing affected individuals by mail, email, or phone — often a significant cost in large-scale breaches.
- Credit monitoring services: Providing affected individuals with credit monitoring, identity theft protection, and other support services.
- PR and crisis management: Costs for public relations firms, customer communication campaigns, and reputation repair following a high-profile breach.
- Regulatory defence costs: Legal fees to defend against investigations and enforcement actions by data protection authorities.
- PCI DSS fines and assessments: Penalties issued by payment card networks for security failures affecting payment systems.
Third-Party Coverage: Claims From Others
Third-party coverage protects your business when other parties (customers, partners, regulators) hold you responsible for losses caused by your cyber incident.
- Legal defence costs: Attorney fees to defend against lawsuits brought by affected customers or partners.
- Settlements and judgments: Compensation payments awarded by courts or agreed in settlement negotiations.
- Regulatory fines and penalties: Fines imposed by data protection authorities (where insurable under the policy's jurisdiction).
- Media liability claims: Claims arising from content published on your website or social media that third parties allege is defamatory or otherwise unlawful.
- Privacy liability: Claims that your business has mishandled personal data, breached privacy obligations, or failed to secure sensitive information.
- Network security liability: Coverage if your systems are exploited to attack other organisations, and those organisations hold you liable.
- Technology errors and omissions: Claims that your software, service, or advice caused financial loss to customers.
Additional Coverages to Look For
Many cyber policies offer optional or add-on coverages beyond the standard first and third-party categories:
- Social engineering and funds transfer fraud: Covers losses when an attacker tricks employees into transferring money or revealing login credentials.
- Reputational harm coverage: Compensation for losses caused by a damaged reputation — though this is often very limited in scope.
- Dependent business interruption: Coverage if a critical supplier or partner is breached and their downtime affects your operations.
- Bricking coverage: Protection against attacks that render hardware permanently unusable or require full replacement.
- Cryptojacking: Coverage for costs arising from unauthorised use of your computing resources to mine cryptocurrency.
- Invoice manipulation fraud: Covers losses when an attacker intercepts email and redirects invoices or payment instructions to fraudulent accounts.
Understanding Sub-Limits
Many coverages come with sub-limits — a maximum amount the insurer will pay for that specific type of claim, separate from the main policy limit. This is crucial: a £5M cyber insurance policy might only cover £500K for ransomware payments, £250K for notification costs, and £1M for business interruption. Because each sub-limit caps its own category regardless of how much of the overall limit is left, you could exhaust several sub-limits in a single incident while the overall policy limit remains partly unused.
When comparing policies, always check the sub-limits for coverages that matter most to your business. If you operate in a regulated industry or handle large amounts of personal data, make sure notification costs and regulatory defence sub-limits are adequate. If you rely on IT systems to operate, ensure business interruption sub-limits are sufficient to cover your daily losses.
Coverage Comparison
Here's a quick reference table for common cyber insurance coverages:
| Coverage Type | Category | Typical Sub-Limit |
|---|---|---|
| Incident response costs | First-party | £100K – £500K |
| Business interruption loss | First-party | £250K – £2M |
| Ransomware payment | First-party | £250K – £1M |
| Breach notification costs | First-party | £100K – £500K |
| Legal defence costs | Third-party | No separate limit |
| Settlements and judgments | Third-party | No separate limit |
| Regulatory fines | Third-party | £500K – £2M |
| Social engineering fraud | Additional | £50K – £250K |
Ready to find the right cyber insurance for your business?
Get a Quote → and we'll match you with a specialist broker who can explain sub-limits and coverage gaps specific to your risk profile.