Cyber Insurance Glossary: Key Terms Explained
Whether you’re evaluating coverage for the first time or comparing policies as a renewal approaches, the terminology in a cyber insurance policy can be a barrier to making confident decisions. This glossary covers the terms you’re most likely to encounter when working with carriers, underwriters, and brokers.
A
Aggregate Limit: The maximum total amount an insurer will pay across all covered claims during a policy period, regardless of how many incidents occur. Once the aggregate is exhausted, the policy provides no additional coverage until renewal.
Application Warranty: A statement made by the insured during the underwriting process that attests to the accuracy of information provided on the application. Misrepresentations in the application, even unintentional ones, can void coverage at the time of a claim. See: How to Fill Out a Cyber Insurance Application Without Getting Your Claim Denied
B
Business Email Compromise (BEC): A type of cyberattack in which criminals impersonate a trusted contact (often an executive or vendor) via email to trick employees into transferring funds or sharing sensitive data. BEC is one of the most common and costly cyber loss drivers for small and midsize businesses. See: Does Cyber Insurance Cover Business Email Compromise?
Business Interruption (BI): Coverage that compensates a business for lost income and operating expenses when a covered cyber event disrupts normal operations. Business interruption is now the single largest driver of cyber insurance claims and is typically subject to a waiting period before coverage activates. See: Business Interruption Is Now the Largest Driver of Cyber Losses
C
Carrier: The insurance company that underwrites and assumes the financial risk of a policy. Carriers set the terms, pricing, and appetite for coverage. A broker works with multiple carriers to find the right fit for each client’s risk profile. See: Cyber Insurance Carriers Compared
CIS Controls: The Center for Internet Security’s prioritized set of cybersecurity best practices. Carriers increasingly expect alignment with CIS Controls as a baseline condition for coverage. Documented compliance can accelerate underwriting, reduce sublimits, and lower premiums.
Claim: A formal request submitted to the insurer seeking payment for a covered loss. In cyber insurance, claims typically involve notifying the carrier promptly after discovering an incident. Policy language specifying notice requirements should be reviewed carefully. See: How to File a Cyber Insurance Claim
Claims-Made Policy: A policy structure in which coverage applies to claims reported during the active policy period, regardless of when the underlying incident occurred, subject to the retroactive date. Most cyber policies are written on a claims-made basis.
Coinsurance: A provision in some policies requiring the insured to share a percentage of losses above the deductible. Less common in cyber, but worth confirming in policy wording.
Coverage Trigger: The specific condition that must be met for a policy to respond. In cyber insurance, common triggers include unauthorized access, system failure, or a privacy breach event.
Cyber Extortion: Coverage for losses related to ransomware or other extortion demands made by threat actors. This typically includes ransom payments, negotiation costs, and incident response expenses associated with the extortion event. See: Does Cyber Insurance Cover Ransomware Payments?
D
Data Breach: An incident in which unauthorized individuals access, steal, or expose sensitive or confidential data. A data breach can trigger multiple coverage components, including breach response, notification costs, credit monitoring, and third-party liability. See: Data Breach Insurance: What It Covers and What It Costs
Data Breach Response / Breach Response Costs: First-party coverage for the direct costs of responding to a data breach, including forensic investigation, legal counsel, notification to affected individuals, credit monitoring, and public relations expenses.
Deductible (Retention): The amount the insured is responsible for paying before the insurer’s coverage applies. In cyber insurance, this is often called a “retention” rather than a deductible. Higher retentions generally lower premiums. See: Cyber Insurance Deductibles and Self-Insured Retentions Explained
Deepfake Fraud: A form of social engineering in which attackers use AI-generated audio or video to impersonate an executive or trusted contact and manipulate employees into authorizing fraudulent transactions. See: Does Cyber Insurance Cover Deepfake Fraud?
E
eCrime / Funds Transfer Fraud (FTF): Coverage for losses resulting from fraudulent wire transfers or payment misdirection caused by a social engineering attack or impersonation. Often a sublimited coverage within a cyber policy. Check the limit carefully, as losses can be significant. See: Social Engineering and Funds Transfer Fraud Coverage
EDR (Endpoint Detection and Response): A security technology that monitors and responds to threats on individual devices (endpoints). Carriers widely consider EDR deployment a baseline underwriting requirement. Absence of EDR can result in higher premiums, sublimits, or declined applications. See: EDR and Cyber Insurance
Errors and Omissions (E&O): See Tech E&O.
Exclusion: A provision in the policy that explicitly removes certain events, losses, or circumstances from coverage. Common cyber exclusions include war and acts of terrorism, infrastructure failure by utilities, and losses arising from unpatched known vulnerabilities (varies by carrier). See: Cyber Insurance Exclusions: What Most Policies Won’t Cover
F
First-Party Coverage: Coverage for losses the insured directly experiences, such as business interruption income, ransomware response costs, data recovery, and breach notification expenses. Contrast with third-party coverage. See: First-Party vs. Third-Party Cyber Insurance
Forensic Investigation: The process of analyzing systems and data to determine the cause, scope, and impact of a cyber incident. Forensic costs are typically covered as a first-party expense and are often required before a claim can be fully evaluated.
G
Geo Risk / Geopolitical Cyber Risk: The exposure created by operating in or conducting business with entities in regions subject to active cyber conflict or sanctions. Nation-state attackers and hacktivist groups affiliated with geopolitical conflicts can affect commercial businesses as collateral damage even when they are not the intended target. See: Geopolitical Cyber Risk and Cyber Insurance
I
Incident Response (IR): The process of identifying, containing, and recovering from a cyber incident. Many cyber policies include access to a pre-approved IR panel, a vetted network of forensic, legal, and remediation firms that the carrier has already negotiated rates with. See: How to File a Cyber Insurance Claim
Insider Risk: The exposure created by employees, contractors, or other insiders who intentionally or negligently cause a security incident. Intentional insider acts are typically excluded from cyber policies and addressed through crime or fidelity coverage instead. See: Insider Risk and Cyber Insurance
Insured vs. Insured Exclusion: A provision that excludes claims brought by one insured party against another. More common in D&O policies but can appear in cyber forms. Worth reviewing if your organization has related entities on the policy.
L
Limit of Liability: The maximum amount the insurer will pay for a single covered claim. Cyber policies typically offer per-occurrence limits alongside the aggregate. See: How Much Cyber Insurance Do I Need?
M
MFA (Multi-Factor Authentication): An identity verification method requiring users to confirm their identity through two or more factors. MFA is one of the most scrutinized controls in cyber underwriting. Carriers commonly require MFA for email, remote access, and privileged accounts as a condition of coverage. See: MFA and Cyber Insurance
MGA (Managing General Agent): An intermediary authorized by carriers to underwrite, bind, and manage insurance policies on their behalf. MGAs operate with direct carrier authority, allowing them to move faster and offer more tailored coverage than traditional retail channels.
MSP (Managed Service Provider): A company that provides outsourced IT management and support to businesses. MSPs face unique aggregation risk in cyber underwriting because a compromise of their management tools can cascade across every client environment they manage. See: Cyber Insurance for MSPs
N
Named Peril: A policy structure that only covers losses from specifically listed events. Most cyber policies are “all-risk” or “open peril” rather than named peril, meaning they cover any event not explicitly excluded.
Nation-State Exclusion: See War Exclusion.
Network Security Liability: Third-party coverage for claims arising from a failure of your network security, such as a breach that spreads to a client’s systems or results in a customer’s data being compromised. See: First-Party vs. Third-Party Cyber Insurance
Notice Requirement: The policy provision specifying when and how the insured must notify the carrier of a potential or actual claim. Cyber policies typically require prompt notice. Failing to notify the carrier in time can jeopardize coverage.
P
PAM (Privileged Access Management): A security discipline focused on controlling and monitoring access to systems and accounts with elevated privileges. PAM is increasingly required by underwriters, particularly for MSPs and technology companies. See: Privileged Access Management and Cyber Insurance
PCI DSS (Payment Card Industry Data Security Standard): A set of security standards required for businesses that process credit card transactions. PCI compliance status is a common underwriting question and can affect pricing and coverage terms. See: PCI DSS 4.0 and Cyber Insurance
Privacy Liability: Third-party coverage for claims arising from the unauthorized disclosure of personally identifiable information (PII) or protected health information (PHI). This can include regulatory defense costs and civil penalties where insurable by law.
Professional Liability: Liability arising from errors, omissions, or negligent acts in the performance of professional services. See: Tech E&O.
R
Ransomware: A type of malware that encrypts a victim’s data and demands payment for the decryption key. Ransomware events typically trigger multiple coverage components, including cyber extortion, business interruption, forensics, and data recovery. See: Ransomware and Cyber Insurance Coverage
Rectification / System Restoration: Coverage for the cost of restoring or recreating data and systems damaged or destroyed by a covered cyber event.
Regulatory Defense and Fines: Coverage for legal defense costs and, where insurable, fines and penalties arising from regulatory investigations following a cyber incident. Regulatory bodies that commonly investigate breaches include the FTC, HHS Office for Civil Rights, state attorneys general, and sector-specific regulators. See: Does Cyber Insurance Cover Regulatory Fines?
Retroactive Date: In a claims-made policy, the retroactive date is the earliest point from which prior acts are covered. An incident that occurred before the retroactive date is not covered even if the claim is reported during the policy period. Maintaining a consistent retroactive date across renewals is important. See: Cyber Insurance Retroactive Date Explained
RDP (Remote Desktop Protocol): A Microsoft protocol that allows remote access to systems. Exposed RDP (publicly accessible without additional controls) is one of the most common attack vectors and is frequently cited as an underwriting exclusion trigger or declination reason.
S
Social Engineering: Manipulation tactics used by attackers to deceive employees into taking actions that compromise security, such as transferring money, sharing credentials, or granting access. Social engineering coverage is often sublimited. Verify the limit relative to your actual exposure. See: Social Engineering and Funds Transfer Fraud Coverage
SOC 2: A framework developed by the American Institute of CPAs (AICPA) for evaluating a technology company’s controls related to security, availability, processing integrity, confidentiality, and privacy. SOC 2 Type II certification is increasingly recognized by underwriters as a meaningful indicator of a mature security program. See: SOC 2 and Cyber Insurance
Sublimit: A coverage cap within a policy that applies to a specific type of loss, set below the overall policy limit. Common sublimits in cyber policies include funds transfer fraud, social engineering, and PCI fines. Sublimits are one of the most important line items to review when comparing policies. See: Cyber Insurance Sublimits Explained
Supply Chain Attack: A cyberattack that targets a vendor, software provider, or other third party in order to compromise the organizations that depend on them. Coverage for supply chain attacks varies significantly by carrier and policy form. See: Does Cyber Insurance Cover Supply Chain Attacks?
System Failure: Some policies extend coverage to losses caused by non-malicious system failures or outages, not just attacks. This distinction matters for businesses with high operational dependence on technology systems.
T
Tech E&O (Technology Errors and Omissions): A professional liability policy designed for technology companies, software developers, SaaS providers, and MSPs. Tech E&O covers claims arising from errors in your technology product or service that cause harm to a client, such as a buggy release, failed implementation, or missed SLA. Tech E&O and cyber insurance are complementary: cyber covers security incidents, Tech E&O covers professional mistakes. See: What Is Technology E&O Insurance?
Third-Party Coverage: Coverage for claims made against the insured by outside parties, including customers, vendors, and regulators, arising from a covered cyber event. Common third-party coverages include network security liability, privacy liability, and regulatory defense. See: First-Party vs. Third-Party Cyber Insurance
U
Underwriting: The process by which an insurer evaluates risk and determines whether and on what terms to offer coverage. In cyber insurance, underwriting typically involves reviewing an application, assessing security controls, and sometimes conducting a technical assessment of the insured’s environment. See: What Underwriters Look For in a Cyber Insurance Application
W
Waiting Period: The period of time that must pass after a covered event before business interruption coverage begins to pay. Common waiting periods range from 6 to 24 hours. A shorter waiting period provides broader coverage but may come at higher cost.
War Exclusion: An exclusion that removes coverage for losses caused by acts of war or state-sponsored cyberattacks. The scope of war exclusions in cyber policies has been an active area of debate, particularly following nation-state attacks that affected commercial businesses as collateral damage. See: War Exclusions, Nation-State Attacks, and What Cyber Insurance Actually Covers