5 Cyber Insurance Claims That Will Surprise You
Think cyber insurance only covers big ransomware attacks? Think again. Here are five real claims from small businesses that show the breadth - and limits - of cyber coverage.
Details have been anonymized to protect privacy, but these are based on actual claims from 2023-2024.
Claim #1: The $50,000 Typo
The Incident
A small accounting firm’s office manager received an email that appeared to be from the CEO asking her to wire $50,000 to a vendor for an “urgent payment.” The email looked legitimate - correct signature, company branding, even a reference to a real client project.
She wired the money. It was fraud.
The Coverage Response
What was covered:
- ✅ Investigation costs ($8,000 for forensics and legal review)
- ✅ Fraud loss ($50,000 wire transfer)
- ✅ Credit monitoring for employees whose email was compromised
What wasn’t covered:
- ❌ Additional money lost to follow-up attempts (happened after coverage limit was reached)
Total claim: $58,000
Lesson: Even simple social engineering can trigger large claims. MFA on email might have prevented this.
Claim #2: The Ransomware Recovery That Wasn’t
The Incident
A dental practice got hit by ransomware that encrypted all patient files, appointment systems, and billing records. The attackers demanded $25,000 in Bitcoin.
The practice had cyber insurance and recent backups. Should be simple, right?
The Coverage Response
What was covered:
- ✅ Incident response team ($15,000)
- ✅ Business interruption for 2 weeks ($12,000)
- ✅ Patient notification costs ($8,000)
What wasn’t covered:
- ❌ Ransom payment (policy excluded payments to sanctioned entities)
- ❌ Data reconstruction costs (backups were corrupted and incomplete)
- ❌ System replacement costs (considered infrastructure, not cyber loss)
Total claim: $35,000
Out-of-pocket costs: $45,000 for new systems and data reconstruction
Lesson: Test your backups regularly. “Having backups” isn’t the same as “having working backups.”
Claim #3: The Helpful IT Vendor
The Incident
A small law firm hired a new IT consultant to upgrade their systems. The consultant installed remote access software to provide ongoing support.
Three months later, the firm discovered the “consultant” had been accessing client files and selling information to competitors.
The Coverage Response
What was covered:
- ✅ Legal fees for client notification ($25,000)
- ✅ Credit monitoring for affected clients ($15,000)
- ✅ Regulatory fines from the state bar ($10,000)
- ✅ PR and crisis management ($8,000)
What wasn’t covered:
- ❌ Lost clients and revenue (business income exclusion for reputational harm)
- ❌ Civil lawsuit defense (covered under professional liability, not cyber)
Total claim: $58,000
Lesson: Insider threats are covered, but reputational damage is hard to recover - financially and otherwise.
Claim #4: The Cloud Backup Surprise
The Incident
A marketing agency’s cloud storage account was compromised. The attacker deleted all files and backups, including client campaigns, creative assets, and financial records.
The agency assumed their cloud provider’s “backup” service meant everything was safe.
The Coverage Response
What was covered:
- ✅ Data recovery specialist fees ($20,000)
- ✅ Business interruption for 1 month ($18,000)
- ✅ Client notification and credit monitoring ($5,000)
What wasn’t covered:
- ❌ Recreating lost creative work (considered normal business expense)
- ❌ Lost client projects that couldn’t be recovered
Total claim: $43,000
Unrecoverable losses: Approximately $80,000 in lost work
Lesson: Cloud storage ≠ backup. You need independent, tested backup solutions.
Claim #5: The Phishing Email That Kept Giving
The Incident
An employee at a small nonprofit clicked a phishing link that installed malware. The malware sat dormant for 6 months, then activated during a major fundraising campaign.
It sent fraudulent donation requests to the nonprofit’s entire donor database.
The Coverage Response
What was covered:
- ✅ Incident response and forensics ($12,000)
- ✅ Donor notification and credit monitoring ($22,000)
- ✅ Legal fees for regulatory investigation ($18,000)
- ✅ Lost donation recovery efforts ($8,000)
What wasn’t covered:
- ❌ Reputation rehabilitation beyond immediate crisis response
- ❌ Long-term impact on donor trust and giving
Total claim: $60,000
Lesson: Dormant malware can trigger claims months after initial infection. EDR tools might have caught this earlier.
Key Takeaways for Your Business
What Cyber Insurance Does Well
- Incident response: Almost always covered and valuable
- Legal costs: Notification requirements, regulatory defense
- Business interruption: Covers lost income during recovery
- Third-party costs: Credit monitoring, forensics, PR support
Common Coverage Gaps
- Infrastructure replacement: Hardware/software costs often excluded
- Long-term reputation damage: Hard to quantify and prove
- Incomplete backups: Recovery costs may not be fully covered
- Regulatory fines: Some states/industries have exclusions
How to Avoid These Claims
- Implement MFA - Would have prevented Claims #1 and #5
- Test backups regularly - Would have reduced impact of Claim #2
- Vet third parties carefully - Would have prevented Claim #3
- Use proper backup strategies - Would have prevented Claim #4
- Deploy EDR tools - Would have caught Claim #5 earlier
Questions to Ask Your Carrier
- Are ransom payments covered? Any exclusions?
- What backup testing is required to ensure data recovery coverage?
- How is “business interruption” calculated for cyber events?
- Are there sublimits on incident response or legal costs?
The Real Value of Cyber Insurance
These claims show that cyber insurance isn’t just about ransomware. It’s about having expert help when things go wrong, covering costs you didn’t expect, and getting your business back on its feet.
But insurance is a safety net, not a substitute for good security. The businesses that recovered best had:
- Strong security controls that limited the damage
- Clear incident response plans
- Good relationships with their insurance carriers
- Realistic expectations about coverage
