Cyber insurance
Cover for losses from cyber incidents such as data breaches, hacking and ransomware.
Definition
Cyber insurance covers the financial consequences of cyber incidents. Cover typically includes data-breach response costs, business interruption from system outages, liability towards affected parties, and sometimes ransomware and recovery expenses. It is increasingly relevant given GDPR obligations and contractual data-security commitments. Policies often require the insured to maintain baseline security controls and to report incidents without delay.
Example
A SaaS provider's cyber insurer covers forensic, notification and legal costs after a ransomware attack exposes customer data.
Why this is a business risk
Cyber incidents can generate costs across multiple categories simultaneously: regulatory fines, client claims, business interruption, forensic investigation and reputational damage. A policy that excludes any of these can leave a significant gap. Businesses that accept data-security obligations in contracts without maintaining adequate cyber cover risk a double exposure: the contractual liability and the uninsured cost of the incident response.
How to manage it
- Map your data-security obligations in every contract and verify that your cyber policy covers each of them, including notification costs and regulatory fines where insurable.
- Maintain the minimum security controls required by your insurer (such as multi-factor authentication and patching schedules), as failing to do so can void cover.
- Test your incident-response plan annually and confirm it aligns with the notification timeframes required by both GDPR and your cyber policy.
- Review the policy exclusions carefully: many cyber policies exclude losses arising from prior known vulnerabilities or from acts of your own insiders.
Legal references
Unless marked otherwise, references are to Dutch law (Burgerlijk Wetboek, the Dutch Civil Code); EU instruments such as the GDPR apply across the EU. This is general information, not legal advice. Other jurisdictions treat these concepts differently. Verify the current text and your situation with a qualified lawyer.
Frequently asked questions
Common questions about this term.