What is cyber insurance?

Cyber insurance is insurance for the costs associated with data breaches, cyber-crime and cyber-related threats which cause damage through attacks against business information systems or which arise from the use of technology within organisations.

Cyber insurance has developed in response to the growth in cyber-crime and risks related to the collection and use of data as society becomes more digitally connected and technology-interdependent.

Cyber-related events result in both first-party and third-party losses. Cyber insurance responds to losses that are specified in the cyber policy.

First-party loss is loss suffered by the insured itself when a cyber event occurs. These are primarily expenses incurred by an insured to investigate, respond and remediate a cyber incident but can also include business interruption costs, loss of profits, regulatory fines or penalties, and ransom payments.

Third-party loss is loss suffered by clients or other parties resulting from a cyber incident which an insured caused to occur or had an obligation to ensure did not occur. These losses are generally the subject of a claim for damages or compensation by the client or third party, pursuant to a recognised cause of action such as a negligence claim, or an action for breach of confidentiality. They may also result in significant defence costs.