Browse Definitions :

cybersecurity insurance (cybersecurity liability insurance)

Contributor(s): Matthew Haughn

Cybersecurity insurance, also called cyber liability insurance, is a contract that an entity can purchase to help reduce the financial risks associated with doing business online. In exchange for a monthly or quarterly fee, the insurance policy transfers some of the risk to the insurer.

In the United States, most major insurance companies offer customers cybersecurity insurance policy options. Depending on the price and type of policy, the customer can expect to be covered for extra expenditures resulting from the physical destruction or theft of information technology (IT) assets. Such expenditures typically include costs associated with the following:

  • Meeting extortion demands from a ransomware attack.
  • Covering damages to hardware from fire or flood.
  • Notifying customers when a security breach has occurred.
  • Paying legal fees levied as a result of a privacy violations.
  • Hiring computer forensics experts to recover compromised data.

Traditional insurance policies typically exclude cyber-risks and this has led to the growth of cybersecurity insurance as a separate, stand-alone type of coverage. Potential customers include any company that accepts digital payments or stores personally identifiable information (PII) about customers, including medical and financial information.

Many entry-level cybersecurity insurance policies only cover first-party losses but some insurers are beginning to offer policies that cover third-party liability losses as well. Many cybersecurity policies exclude preventable security issues caused by humans such as poor configuration management or the careless mishandling of digital assets.

Typically, pricing is based on the insured entity's annual revenue and industry. To qualify for coverage, the individual or entity typically has to submit to a security audit by the insurance company or provide documentation with the assistance of an approved assessment tool, such as that offered by the Federal Financial Institutions Examination Council.

As of 2019, the cybersecurity market is still young and many companies are choosing to forego this type of insurance because of its uncertain return on investment (ROI). In the United States, the Cybersecurity and Infrastructure Security Agency, which operates under the Department of Homeland Security, is encouraging businesses to improve their cybersecurity in return for more coverage at more affordable rates.

This was last updated in May 2017

Continue Reading About cybersecurity insurance (cybersecurity liability insurance)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.


File Extensions and File Formats

Powered by:


  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance as a service (CaaS)

    Compliance as a Service (CaaS) is a cloud service service level agreement (SLA) that specified how a managed service provider (...

  • data protection impact assessment (DPIA)

    A data protection impact assessment (DPIA) is a process designed to help organizations determine how data processing systems, ...


  • Port Scan

    A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services ...

  • DMZ (networking)

    In computer networks, a DMZ (demilitarized zone), also sometimes known as a perimeter network or a screened subnetwork, is a ...

  • quantum supremacy

    Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classic computers by ...



  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider.