Cyber insurance - Common exclusions
As with any insurance policy, it is crucial to review not only what is covered by your insurer but also what is excluded. You should be looking at exclusions and also definitions and conditions when examining your policy. Many exclusions in cyber insurance are the same as those in other insurance policies such as war and terrorism but there are also some that are specific to cyber insurance, including:
Court Jurisdiction
It is always worth checking which territories a cyber policy applies to. While policies purchased in the UK normally include territories in the European Union and much of the rest of the world in their cover, North America is often excluded.
Claims brought by Related Entities
Whilst cyber insurance will protect your business from loss of customer data and any claims which arise as a result of this loss, policies do not normally include liability claims brought by entities related to your business such as your own employees, contractors and partially owned subsidiaries of your business. For example, if employees seek redress for the loss of their personal information following a data breach, this would not be covered.
Bodily Injury and Property Damage
Cyber insurance policies will replace losses in the digital sphere but will not usually cover damage to physical property or bodily injury (death, sickness, disease or physical injury) which results from a cyber incident, as these are often covered by other insurance policies such as property or liability insurance.
Critical National Infrastructure
Losses arising from failure of or outage to critical national infrastructure, such as electricity, gas, water, satellite or telecommunications, are excluded. As with war and terrorism, the risk is so large and beyond the capacity of individual insurers.
Cyber Warfare
Losses to businesses that result from cyber warfare and cyber-attacks that may be linked to the actions of a particular country or government are common exclusions due to the risks being so large and beyond the capacity of individual insurers.
Fines, Penalties and Sanctions
Cyber insurance will not cover criminal, civil or regulatory fines, penalties or sanctions that your business is legally obliged to pay.
Exclusions will vary between insurers so it is important to understand terms and conditions. Speak to your broker or insurer directly if you are unsure about any terms.