Cyber Insurance
Insurance policies that cover financial losses arising from cyber incidents — including data breaches, ransomware payments, fraud, and notification costs — for businesses and increasingly for consumers.
Also known as: cybersecurity insurance, data breach insurance, identity theft insurance
Last reviewed: 10 June 2026
Cyber insurance policies indemnify policyholders against the financial consequences of cyber incidents. Business policies typically cover incident response costs, legal and regulatory fees, notification costs for breach victims, ransomware extortion payments, business interruption losses, and third-party liability. Consumer-focused policies, often added to home or identity-theft insurance, may cover fraud losses, credit monitoring, and resolution assistance.
The cyber insurance market has tightened significantly as claim costs have risen. Insurers increasingly require policyholders to demonstrate security baselines — MFA on remote access, patch management, network segmentation — as conditions of coverage or pricing. Policies include sub-limits, exclusions for unencrypted devices, and carve-outs for nation-state attacks and certain negligence scenarios.
For consumers and businesses evaluating cyber insurance, the coverage terms matter as much as the premium. Before relying on a policy as a financial backstop, it is critical to understand whether it covers social-engineering fraud (where an employee was tricked rather than a system breached), what fraud loss limits apply, and whether incidents must be reported within a narrow window.