What Does Cyber Insurance Cover?

By Rehana Moosa

With the significant increase in the number of cyber attacks over recent years, cyber insurance has become a must-have for many businesses.  As recent history has demonstrated, no business, regardless of size or industry, is completely immune to the risk of a cyber attack.


Since cyber insurance is a relatively new insurance product, there is still variability among the policies offered by different insurers.  However, generally speaking, the types of losses that are covered by cyber insurance policies are fairly consistent.


In this blog post, we explore the types of losses that are covered under first party cyber insurance coverage.


Business Interruption Losses


A cyber attack can cause a business interruption loss, depending on the length of time a business needs to restore its systems and data, and resume operations. 


A business interruption loss can be caused by:


  • A loss of existing customers
  • A loss of potential customers, such as walk-in customers or referrals
  • The loss or cancellation of a contract
  • Lost sales orders
  • Discounts offered to customers as compensation for delays in completing or delivering orders
  • Cancelled projects
  • The inability of the insured to submit bids / quotes for potential projects

Most cyber policies measure business interruption losses based on the net income that was lost as a result of the cyber attack (i.e. revenues less all expenses).  Some policies also cover operating expenses, including payroll, that the insured continued to pay while it was in the process of restoring its systems.


Contingent Business Interruption Losses


A contingent business interruption loss can occur in cases where an insured uses a third party to provide services such as data hosting, data backup / storage, or cloud computing, and the service provider suffers a cyber attack.  As a result, the insured experiences a business interruption loss when their operations are impacted, even though they were not the direct target of the cyber attack.


Some cyber insurance policies will specify the types of third party service providers that are included under this coverage, while other policies offer more generic wording.


Extra Expenses


Cyber insurance policies include coverage for extra expenses, which are additional costs incurred as a result of the cyber attack.  Common examples include:


  • Employee overtime
  • Meals for employees who are working overtime
  • Costs to hire subcontractors to complete projects / orders that the insured is unable to complete
  • Labour inefficiencies, in cases where certain tasks must be completed manually instead of electronically


Cyber policies generally require that two criteria be met for a cost to be covered as an extra expense:


  • The costs must exceed the insured’s normal operating expenses.  For example, if an employee typically works $500 worth of overtime each year, this would be considered a normal operating expense.  If the insured suffers a cyber attack, any employee overtime worked as a result of the attack in excess of $500 per year would be considered an extra expense.
  • The costs must have been incurred to mitigate the business interruption loss.  In other words, the insured must demonstrate that the extra expenses reduced or avoided a loss of income.

Incident Response Costs


Following a cyber attack, insurance companies can provide access to a panel of experts who can assist businesses in recovery and remediation efforts.  These experts are pre-vetted by the insurers and specialize in various areas such as law, computer forensics, forensic accounting, and public relations.


Cyber insurance policies include coverage for costs incurred when members of the panel are retained by the insured.  While insureds may be under no obligation to use the insurance company’s panel, some policies reduce the amount of coverage for incident response costs should the insured choose to use a service provider that is not part of the panel.


Ransom Payments


Cyber policies generally cover ransom payments, should the insured choose to pay one.  Ransom payments can be negotiated by legal counsel or computer forensic experts who have intel on certain threat actor groups and the best approaches to use to potentially reduce the ransom payment.



Communications are intended for informational purposes only and do not constitute legal advice or an opinion on any issue. For permission to republish this content, please contact Rehana Moosa Forensic Accounting Professional Corporation.
