Common Exclusions Under Cyber Insurance Policies

Rehana MoosaBy Rehana Moosa

Understanding the types of losses and costs that cyber insurance excludes is as important as understanding what it covers.  In this blog post, we review common exclusions in first party coverage.


Property Damage


Following a cyber attack, one of the most common expenses a business will incur is the replacement of computer hardware and software.  Sometimes, the extent of the cyber attack is so severe, the insured’s existing hardware and software are corrupted and can no longer be used.  Servers, laptops, and programs are among the items that may need to be replaced after an attack.


Many cyber insurance policies, however, exclude the purchase of new computer hardware and software items under a “property damage” exclusion.  Under these policies, “property damage” is defined as the loss or destruction of property, or the inability to use the property even if it is not damaged or destroyed. 


In policies that do cover property damage, there are usually exclusions that prevent the insured from recovering costs to upgrade or update their computer systems beyond the level that existed prior to the cyber attack.  In other words, any improvements made to the computer system, even if required to prevent another attack in the future, are generally excluded from coverage.


Mechanical Failure, Programming Errors and Wear & Tear


Cyber policies do not cover losses that are caused by errors in the programming or configuration of computer equipment, mechanical failure, or wear and tear.  Mechanical failure can be caused by events such as an electrical disturbance / spike, blackout, or internet outage.


Generally, cyber policies cover losses that are caused by intentional malicious acts, as opposed to events that are outside the insured’s control and caused by accidental or unplanned occurrences.


Losses Caused by the Insured’s Dishonest Acts


Cyber insurance does not cover any losses that are caused by an insured’s own fraudulent or criminal acts, or any acts indicative of an intentional violation of the law.  This exclusion prevents an insured from profiting from their own dishonest acts.

This exclusion can apply to both senior level employees of the insured, as well as past and present employees and independent contractors.  For the exclusion to apply, policies normally require that the insured’s employees participated in, approved of, or had knowledge of the dishonest act, and the act caused the insured to suffer a loss.


Contact us to learn more.   647-426-0146  |

Communications are intended for informational purposes only and do not constitute legal advice or an opinion on any issue. For permission to republish this content, please contact Rehana Moosa Forensic Accounting Professional Corporation.

Back to Knowledge

Related Knowledge

Computing Cyber Insurance

It is common knowledge that cyber attacks are happening more frequently and with dire financial consequences.…read more

Why Fraud Cannot Be Fully Prevented

When a business is a victim of fraud, it is common practice to review the internal controls that were…read more

The Case of the Paltry Policy

Purchasing the right amount of insurance coverage can be challenging. In a sea of constant changes,…read more

Common Exclusions Under Fidelity Insurance Policies

Understanding the types of losses that are excluded under an insurance policy are just as important as…read more

What Does Fidelity / Crime Insurance Cover?

Fidelity / crime insurance covers losses that occur when an employee defrauds their employer. This …read more


The RMFA Difference

Regardless of background or level of knowledge, all our clients are treated with professionalism and respect. All files, regardless of size or complexity, are treated as a top priority. That’s our promise.