Cyber insurance claims arise when an organization experiences a cyber incident that triggers their insurance policy. But what does cyber insurance actually cover?
Cyber insurance empowers companies to mitigate the costs of cyber incidents, including not only direct financial losses but also legal fees, recovery expenses and forensic investigations. With comprehensive cover, companies have protection against a broad range of incidents, each of which presents its own unique risks and challenges.
What are the most common cyber insurance claims?
According to CFC claims data, the 4 most frequently covered claims are for data breaches, ransomware attacks, theft of funds and phishing. Comprehensive cyber insurance coverage is vital for businesses to recover from these cyber incidents—and emerge stronger and better-informed because of them.
1. Data breaches
A data breach occurs when sensitive information is exposed, either through hacking or an accidental leak. These incidents can have severe financial consequences, making insurance a crucial safety net. The financial toll of a data breach can be astronomical, encompassing not just the immediate costs but also the long-term repercussions for customer trust and the company’s reputation.
Coverage typically includes:
- legal fees
- data recovery, if data is unable to be restored
- regulatory fines
- forensic investigations
- notification and credit monitoring costs
Recent high-profile data breaches
In 2024, Dell faced allegations of a data breach when the identifiers and statuses of over 10,000 employees were leaked. The tech giant also suffered a cyber attack last year, when hackers extracted data from a staggering 49 million customers. These incidents highlight the persistent threat cybercriminals pose to even the world’s biggest companies, reinforcing the need for robust cyber security measures.
Other major data breaches in 2024 further emphasize the widespread risk:
- over 560 million of Ticketmaster’s customer records were leaked online, including payment information, exposing a massive number of individuals to potential fraud and identity theft
- hackers accessed the records of 7.6 million current and 65.4 million former customers of telecoms behemoth AT&T, exposing sensitive personal data such as account details and social security numbers
- French multinational Capgemini fell victim to a hacker who claimed to have stolen 20GB of sensitive data, including credentials and private keys, a breach that risked crippling internal systems and exposing client information
These examples are just the tip of the iceberg. While it's cyber attacks on multinational corporations that tend to make the news, the majority of attacks are actually carried out on SMEs, as hackers perceive these businesses as easier targets. Any healthcare or education provider would be heavily liable for a data breach, no matter their size.
Cyber liability insurance is essential for mitigating the costs of these breaches, enabling businesses to recover quickly from financial and reputation damage. It provides a crucial financial buffer, enabling companies to address the immediate fallout and rebuild trust with their customers.
2. Ransomware attacks
One of the most financially devastating cyber threats, a ransomware attack is a form of cyber extortion in which a threat actor gains access to a company’s systems, then deploys ransomware to encrypt these systems and the company’s data. With operations brought to a standstill, the threat actor demands a ransom in return for the decryption key.
Coverage typically includes:
- restoring systems to their pre-attack state
- forensic investigations to identify the root cause
- legal expenses and expertise
- data restoration, if data is unable to be recovered
- business interruption losses
- the ransom demand, if there is no choice but to pay it
While ransomware incidents comprise fewer than 20% of cyber claims, their potential to irreparably damage a company’s reputation, finances and market share means insuring against them is paramount. Ransomware claims are growing in frequency, amplified by the emergence of ransomware groups such as RansomHub, which has been responsible for hundreds of cyber attacks since 2024. RansomHub is known for its efficiency and ability to target organizations spanning every sector, including IT, finance, healthcare and even emergency services. The FBI and CISA have issued a joint advisory warning businesses against the group, recommending immediate mitigation strategies such as readily installing updates and implementing multifactor authentication. Elsewhere, the U.S. Secret Service has offered a $2.5 million reward for information leading to the arrest of notorious Belarusian hacker Volodymyr Kadariya, highlighting the Government’s commitment to combating cybercrime.
Cyber insurance helps businesses respond swiftly, although it’s important to find the right insurer. Some cyber insurance providers offer greater cyber security and incident response services than others. Businesses need comprehensive protection against the short, medium and long-term risks.
3. Theft of funds
Our most common source of cyber insurance claims is theft of funds. Unlike traditional theft, where physical money is taken from a business, today’s criminals are increasingly targeting electronic funds—money moved and managed remotely through digital systems. With nearly every business now handling finances electronically, cybercriminals have more opportunities than ever to steal.
Coverage typically includes:
- legal expenses
- regulatory fines
- investigation and response costs
- financial losses from fraudulent transactions
Social engineering scams are at the heart of many of these thefts. Attackers manipulate employees into sharing sensitive information or making payments to fraudulent accounts. And while businesses might expect their bank to cover the loss, that’s not always the case. If the company is deemed to have been negligent—perhaps by failing to follow proper security protocols—reimbursement may not be guaranteed. This makes it essential for companies to implement robust security measures and educate employees about the red flags of theft of funds scams, with cyber insurance a vital part of any risk mitigation strategy.
4. Phishing
Targeting the human component of a company’s cyber security, cybercriminals send phishing emails, messages or websites to deceive individuals into revealing login credentials or other sensitive information. Increasingly tough to detect, these attacks often serve as the entry point for more severe cyber incidents, such as theft of funds and ransomware infections.
Coverage typically includes:
- legal fees
- business losses
- forensic investigations
- credit monitoring for affected individuals
Strong email filters and a phishing prevention tool can dramatically reduce exposure to this type of cyber incident, and having a well-defined response plan in place can minimize damage, expedite recovery, and prevent further incidents.
Safeguard your business’s future
By covering all the most common claims, cyber insurance plays a pivotal role in protecting companies from the potentially devastating financial fallout of a cyber incident. With robust practices, a multilayered approach to cyber security and comprehensive cyber insurance coverage, you can minimize risk and financial exposure in a landscape of ever-increasing cyber threats.
Check out CFC’s Cyber hub to stay ahead in the rapidly evolving world of cyber liability insurance. For anything else, you can get in touch with our underwriters, or reach out to our expert team at cybermarketing@cfc.com.