Cyber Insurance Glossary
100+ terms explained in plain English
A
Actual Cash Value (ACV)
The replacement cost of damaged or stolen property minus depreciation. In cyber policies, this typically applies to hardware damaged during an incident.
Admission of Liability
A policy condition that prohibits the policyholder from admitting liability, agreeing to a settlement, or incurring defense costs for a claim without the insurer’s consent. Doing so without consent can jeopardize coverage, so incident communications should be cleared with the breach coach or counsel.
Aggregate Limit
The maximum amount an insurer will pay for all claims during a policy period, regardless of the number of incidents. Example: A $2M aggregate means total payouts cannot exceed $2M in that policy period, however many claims are made.
Application Security
Security measures implemented in software applications to prevent vulnerabilities. Strong application security can reduce cyber insurance premiums.
Attack Surface
The set of points (exposed services, accounts, devices, third-party integrations) where an unauthorized user can attempt to enter a system or extract data. Insurers assess attack surface size during underwriting, often with external scans of internet-facing assets.
Authentication
The process of verifying a user’s identity. See also: Multi-Factor Authentication (MFA).
B
Backdoor
A hidden method of bypassing normal authentication in a computer system. Discovery of backdoors in your systems can affect insurability.
Backup
A copy of data stored separately from the original. Tested, offline backups are a key underwriting factor for cyber insurance.
Betterment
Improvements made to systems during recovery that exceed the pre-incident state. Many policies exclude betterment costs.
Bodily Injury
Physical harm to a person. Traditional cyber policies typically exclude bodily injury; specialized coverage may be needed for IoT/OT environments.
Botnet
A network of compromised computers controlled remotely. Botnet infections can trigger business interruption coverage.
Breach Coach
An attorney specializing in data breach response who coordinates the incident response team. Many policies provide access to a breach coach.
Breach Notification
Legal requirement to inform affected individuals and regulators of a data breach. Notification costs are a core first-party coverage.
Business Email Compromise (BEC)
A scam where attackers impersonate executives or vendors to trick employees into transferring funds. Also called “CEO fraud.” Coverage varies significantly between policies.
Business Interruption
Coverage for lost income when operations are disrupted by a cyber incident. Key factors include waiting period and coverage period length.
C
Carve-out
An exclusion that removes a specific type of loss from coverage. Example: “Cryptocurrency carve-out” excludes losses involving digital currency.
Claim
A formal request to an insurance company for coverage or compensation for a covered loss.
Claims-Made Policy
A policy that covers claims first made against the insured (and reported to the insurer) during the policy period, regardless of when the underlying incident occurred, provided it occurred after the retroactive date. Most cyber policies are claims-made.
Cloud Security
Security measures for cloud computing environments. Cloud misconfigurations are a leading cause of data breaches.
Coinsurance
A provision requiring the policyholder to pay a percentage of each claim. Example: 20% coinsurance means you pay 20% of every covered loss.
Computer Fraud
The use of computers to steal money, securities, or property. Often has separate sublimits from other coverages.
Contingent Business Interruption
Coverage for income loss when a third party’s systems (vendor, supplier, cloud provider) are disrupted. Also called “dependent business interruption.”
Coverage Territory
Geographic areas where the policy provides coverage. Most cyber policies provide worldwide coverage.
Credit Monitoring
Service provided to breach victims to monitor their credit reports for signs of identity theft. A common first-party coverage expense.
Crisis Management
Coverage for public relations, communications, and reputation management following an incident.
Cryptojacking
Unauthorized use of computing resources to mine cryptocurrency. May or may not be covered depending on policy language.
Cyber Extortion
Threats to damage systems, release data, or disrupt operations unless payment is made. Includes ransomware. See also: Ransomware.
Cyber Liability
Third-party coverage for claims and lawsuits arising from cyber incidents, including privacy liability and network security liability.
D
Dark Web Monitoring
Services that scan dark web forums and marketplaces for stolen data. Some policies include this as a post-breach service.
Data Breach
Unauthorized access to, or acquisition of, sensitive data. A common triggering event for cyber insurance claims.
Data Recovery
The process of restoring lost or corrupted data. First-party coverage typically includes data recovery costs.
DDoS (Distributed Denial of Service)
An attack that overwhelms systems with traffic to disrupt operations. Can trigger business interruption coverage.
Deductible
The amount the policyholder must pay before insurance coverage begins. Also called “retention.” Higher deductibles generally mean lower premiums.
Defense Costs
Legal fees and expenses to defend against claims and lawsuits. In most cyber policies defense costs are paid within the policy limits and erode them; some policies pay defense costs in addition to (outside) the limits. Check which applies, since it changes how much is left for settlements.
Digital Asset
Any data stored digitally, including software, databases, and digital media. Policies may define covered digital assets specifically.
Due Diligence
The investigation and verification process before binding a policy. Insurers conduct due diligence to assess risk.
Duty to Defend
The insurer’s obligation to provide legal defense for covered claims, even if the claim is ultimately found to be groundless.
E
Encryption
The process of encoding data so only authorized parties can access it. Encryption of data at rest and in transit affects underwriting.
Endpoint
Any device that connects to a network (computers, phones, tablets, IoT devices). Endpoint security is a key underwriting factor.
Endpoint Detection and Response (EDR)
Security software that continuously monitors endpoints for malicious activity and enables rapid containment and response. Many insurers now require EDR, and having it deployed can lower premiums.
Errors and Omissions (E&O)
Professional liability coverage for negligent acts or omissions. Cyber E&O covers technology-related professional services.
Exclusion
A provision that removes specific risks or scenarios from coverage. Common exclusions include war, intentional acts, and prior known incidents.
Extended Reporting Period
Additional time after policy expiration to report claims for incidents that occurred during the policy period. Also called “tail coverage.”
F
First-Party Coverage
Coverage for the policyholder’s own losses, including breach response costs, business interruption, and data recovery.
Forensic Investigation
Expert analysis to determine the cause, scope, and impact of a cyber incident. A key first-party coverage expense.
Fraudulent Instruction
A type of social engineering where employees are tricked into transferring funds based on fake instructions. Coverage varies by policy.
Full Limits
A policy structure in which defense costs are paid within the policy limits, reducing the amount available for settlements and judgments. Also called “defense within limits” or “eroding limits.” Opposite of “defense costs outside limits.”
G
GDPR (General Data Protection Regulation)
European Union privacy regulation with significant penalties for non-compliance. Whether GDPR fines are covered depends on the policy wording and on whether such fines are legally insurable in the relevant jurisdiction.
Gratuitous Payment
Voluntary payments made to affected individuals beyond legal requirements. Coverage for gratuitous payments varies.
H
Hammer Clause
A provision that, if the policyholder refuses a settlement the insurer recommends and the claimant would accept, caps the insurer’s liability at the amount of that proposed settlement plus defense costs incurred up to that point. Some policies soften this with a split (for example 70/30) of any excess.
HIPAA (Health Insurance Portability and Accountability Act)
U.S. regulation governing healthcare data privacy and security. HIPAA violations can trigger regulatory coverage.
Hotline
24/7 phone number provided by insurers for reporting incidents. Prompt reporting is typically a policy requirement.
I
Incident Response
The process of detecting, containing, and recovering from a cyber incident. Policies typically cover incident response costs.
Incident Response Plan (IRP)
Documented procedures for responding to cyber incidents. Having an IRP can reduce premiums and is often a policy requirement.
Indemnity
Compensation for loss or damage. Insurance policies indemnify policyholders for covered losses.
Infrastructure Attack
Attack on critical infrastructure systems (power, water, transportation). Often excluded or limited in cyber policies.
Insurable Interest
A legal requirement that the policyholder would suffer financial loss from the insured event.
Insuring Agreement
The section of a policy that describes what is covered. Understanding insuring agreements is crucial for coverage analysis.
L
Liability Coverage
See Third-Party Coverage.
Limits of Liability
The maximum amount an insurer will pay for a covered loss. Can be expressed as per-incident and aggregate limits.
Loss Control
Risk management activities to prevent or reduce losses. Insurers may require specific loss control measures.
Loss of Business Income
Revenue lost during a cyber incident. A component of business interruption coverage.
M
Malware
Malicious software designed to damage or gain unauthorized access to systems. Includes viruses, trojans, ransomware, and spyware.
Media Liability
Coverage for claims arising from website content, including copyright infringement, defamation, and privacy violations.
Multi-Factor Authentication (MFA)
Security requiring two or more verification methods to access systems. Most cyber insurers now require MFA on remote access, email, and privileged accounts; lacking it can make coverage unavailable or significantly more expensive.
N
Named Insured
The person or entity specifically named in the policy. Coverage may extend to subsidiaries and employees.
Network Security
Measures to protect computer networks from unauthorized access. Network security failures are a common claim trigger.
Network Security Liability
Third-party coverage for claims arising from failure to protect your network, resulting in harm to others.
Notice of Claim
Formal notification to the insurer of a potential or actual claim. Timely notice is typically required for coverage.
P
Panel Vendor
Pre-approved service providers (forensics, legal, PR) that insurers contract with to handle claims. Using panel vendors may be required or incentivized.
PCI DSS (Payment Card Industry Data Security Standard)
Security standards for organizations handling credit card data. PCI fines and assessments may be covered.
Personally Identifiable Information (PII)
Data that can identify an individual, such as names, Social Security numbers, and email addresses.
Phishing
Fraudulent messages (email, SMS, voice) designed to trick recipients into revealing credentials or information, or into opening malicious links or attachments. One of the most common initial access vectors in cyber claims.
Policy Period
The time during which the policy provides coverage, typically one year.
Premium
The amount paid for insurance coverage. Cyber premiums vary based on risk factors, coverage limits, and deductibles.
Prior Acts Coverage
Coverage for incidents that occurred before the policy inception but are discovered during the policy period. Controlled by the retroactive date.
Privacy Liability
Third-party coverage for claims arising from failure to protect private information.
Proof of Loss
Documentation required by insurers to process a claim, including evidence of the incident and financial impact.
Protected Health Information (PHI)
Health-related data protected under HIPAA. PHI breaches often result in larger claims.
R
Ransomware
Malware that encrypts data and demands payment for the decryption key; modern operators commonly also exfiltrate data and threaten to publish it (“double extortion”). A leading cause of cyber insurance claims.
Regulatory Coverage
Coverage for fines, penalties, and defense costs related to regulatory investigations and proceedings.
Reputational Harm
Damage to an organization’s reputation following an incident. Crisis management coverage addresses reputational harm.
Reservation of Rights
A letter from an insurer stating they are investigating a claim but reserving the right to deny coverage based on policy terms.
Retention
See Deductible.
Retroactive Date
The earliest date for which a claims-made policy provides coverage. Incidents before this date are not covered.
Risk Assessment
Evaluation of an organization’s cyber risks and vulnerabilities. Insurers conduct risk assessments during underwriting.
Risk Transfer
Shifting financial risk to another party (the insurer) through insurance.
S
Security Awareness Training
Employee education programs about cyber threats and safe practices. A common underwriting requirement.
Self-Insured Retention (SIR)
The amount a policyholder must pay before the insurer’s obligations begin. Unlike a deductible, where the insurer typically handles the claim from the first dollar and recovers the deductible from the insured, with an SIR the insured pays and manages the loss (often including defense) up to the retention amount before the policy responds.
Social Engineering
Psychological manipulation to trick people into making security mistakes or giving away sensitive information.
Spoofing
Impersonating a trusted source (email address, website, phone number) to deceive victims.
Subrogation
The insurer’s right to pursue third parties responsible for a loss after paying a claim.
Sublimit
A cap on coverage for a specific type of loss, lower than the overall policy limit. Example: $100K sublimit for ransomware within a $1M policy.
System Failure
Unintentional system outage not caused by a cyber attack. Some policies cover system failure; others exclude it.
T
Tail Coverage
See Extended Reporting Period.
Third-Party Coverage
Coverage for claims and lawsuits brought against the policyholder by others (customers, partners, regulators).
Threat Actor
An individual or group responsible for a cyber attack. Understanding threat actors helps assess risk.
Trigger
The event that activates insurance coverage. Common triggers include discovery of a breach, receipt of a claim, or occurrence of an incident.
U
Underwriting
The process of evaluating risk to determine whether to offer coverage and at what price.
Unintentional Act
An act done without intent to cause harm. Policies typically cover unintentional acts but exclude intentional misconduct.
V
Vendor Management
Oversight of third-party vendors and their security practices. Poor vendor management is a common source of breaches.
Vicarious Liability
Legal responsibility for the actions of another party (such as a vendor or contractor).
Vulnerability
A weakness in a system that can be exploited by attackers. Vulnerability management is a key security control.
W
Waiting Period
The time between when a business interruption begins and when coverage starts. Also called “time retention.” Common waiting periods are 8-24 hours.
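How the terms above interact (Aggregate Limit, Coinsurance, Deductible/Retention, Full Limits, Sublimit, and Waiting Period) is easier to see on a worked set of claims than from the definitions alone. The Python below is an added example, not part of this glossary and not any carrier’s policy logic; the policy figures, the three claims, and the order in which retention, coinsurance, sublimit, and aggregate are applied are constructed assumptions for illustration.

```python
"""Added example, not part of the glossary: a simplified model of how
retention (deductible/SIR), coinsurance, sublimits, the aggregate limit,
defense-within-limits and the business-interruption waiting period interact
across several claims in one policy period. All figures are constructed for
illustration and do not reflect any carrier's actual policy terms."""
import math
from dataclasses import dataclass, field


@dataclass
class Policy:
    aggregate_limit: float                 # most the insurer pays in the period
    retention: float                       # insured pays this first on each claim
    coinsurance: float = 0.0               # insured's share of loss above retention
    sublimits: dict = field(default_factory=dict)  # per-coverage caps within the aggregate
    defense_within_limits: bool = True     # True ("full limits"): defense costs erode the aggregate
    bi_waiting_hours: float = 8.0          # outage hours before BI coverage starts
    paid: dict = field(default_factory=dict)  # insurer payments recorded per coverage

    def remaining_aggregate(self) -> float:
        return self.aggregate_limit - sum(self.paid.values())

    def remaining_sublimit(self, coverage: str) -> float:
        return self.sublimits.get(coverage, math.inf) - self.paid.get(coverage, 0.0)

    def settle(self, coverage: str, loss: float, defense_costs: float = 0.0) -> dict:
        """Allocate one claim between insurer and insured and record the payment.

        Assumed order of operations (policy wording controls in practice):
        retention -> coinsurance -> sublimit -> remaining aggregate.
        """
        insured = min(loss, self.retention)                  # retention comes off first
        above_retention = loss - insured
        insured += above_retention * self.coinsurance        # insured's coinsurance share
        insurer_loss = above_retention - above_retention * self.coinsurance

        # Defense costs erode the limits only when the policy is "defense within limits".
        within = insurer_loss + (defense_costs if self.defense_within_limits else 0.0)
        cap = min(self.remaining_sublimit(coverage), self.remaining_aggregate())
        payable = min(within, cap)
        insured += within - payable                           # anything above the caps falls back on the insured

        outside = 0.0 if self.defense_within_limits else defense_costs  # paid in addition to limits
        self.paid[coverage] = self.paid.get(coverage, 0.0) + payable
        return {"insurer": round(payable + outside, 2),
                "insured": round(insured, 2),
                "remaining_aggregate": round(self.remaining_aggregate(), 2)}

    def business_interruption_loss(self, outage_hours: float, income_per_hour: float) -> float:
        """Income lost after the waiting period (time retention) has elapsed."""
        return max(outage_hours - self.bi_waiting_hours, 0.0) * income_per_hour


def run_example(defense_within_limits: bool = True) -> dict:
    """Three constructed claims against a $1M aggregate policy with a $25K retention,
    10% coinsurance, an 8-hour BI waiting period and a $100K ransomware sublimit."""
    p = Policy(aggregate_limit=1_000_000, retention=25_000, coinsurance=0.10,
               sublimits={"ransomware": 100_000},
               defense_within_limits=defense_within_limits)
    results = {}
    # 1. Ransomware: the $100K sublimit, not the $1M aggregate, is the binding cap.
    results["ransomware"] = p.settle("ransomware", loss=300_000)
    # 2. 30-hour outage at $10K/hour; only hours past the 8-hour waiting period count.
    bi_loss = p.business_interruption_loss(outage_hours=30, income_per_hour=10_000)
    results["business_interruption"] = p.settle("business_interruption", bi_loss)
    # 3. Privacy liability claim with $200K of defense costs; whether defense erodes
    #    the aggregate decides how much is left for the loss itself.
    results["privacy_liability"] = p.settle("privacy_liability", loss=900_000,
                                            defense_costs=200_000)
    return results


if __name__ == "__main__":
    for mode in (True, False):
        print("defense within limits:", mode)
        for name, r in run_example(mode).items():
            print(f"  {name:24s} insurer={r['insurer']:>10,.0f} "
                  f"insured={r['insured']:>10,.0f} aggregate left={r['remaining_aggregate']:>10,.0f}")
```

Run it and compare the two modes: with the same three claims, switching defense costs from inside to outside the limits moves $200K of the third claim from the policyholder’s side of the ledger to the insurer’s, and the ransomware claim shows why a sublimit can matter more than the headline aggregate.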
War Exclusion
A policy provision excluding losses caused by war, military action, or nation-state attacks. The scope of war exclusions is heavily debated.
Wire Transfer Fraud
Theft through fraudulent electronic fund transfers. Often falls under social engineering or computer fraud coverage.
Z
Zero-Day Vulnerability
A software vulnerability unknown to the vendor with no available patch. Zero-day exploits present unique coverage challenges.
Zero Trust
A security model requiring verification for every access request, regardless of location. Implementing zero trust can improve insurability.
This glossary is for educational purposes. Policy definitions may vary by carrier. Always review your specific policy language.