What to Look for in Cyber Insurance Coverage
If you are buying cyber insurance, the goal is not “get a policy.” The goal is get coverage that actually responds when something goes wrong, without nasty surprises, tiny sublimits, or requirements you cannot realistically maintain.
Here is the clean way to evaluate a cyber policy, whether you are a business owner buying it for your company or an MSP helping clients get insured.
If you want a quick sanity check on your current cyber policy or you want help choosing coverage that fits your real risk, book a call with RhoneRisk or request a quote.
Start with this: what would actually hurt you?
Before you look at forms and limits, answer these:
-
If you got hit by ransomware tomorrow, how long could you afford to be down?
-
If customer data leaked, who would you have to notify and what would that cost?
-
If your email got compromised and money went out, would it be covered?
-
If a cloud vendor outage stopped your operations, would you lose revenue?
Cyber insurance coverage should match the way your business operates, not a generic template.
1) Make sure it covers the big 3: ransomware, breach response, downtime
Ransomware and extortion coverage
Look for:
-
Extortion coverage included, not optional
-
Coverage for negotiation and response vendors
-
Clarity on whether ransom payments are covered and under what conditions
-
A limit that is not tiny compared to your main limit
What to watch for:
-
Restrictive conditions around paying
-
Separate sublimits that make the coverage basically unusable
Breach response and privacy costs
Look for:
-
Notification costs
-
Credit monitoring support when required
-
Breach coach and legal coordination
-
Forensics and incident response services
What to watch for:
-
Missing breach response services or a low cap on those costs
Business interruption
Look for:
-
Coverage for loss of income due to a cyber event
-
Extra expense coverage (overtime, temporary systems, emergency vendors)
-
Clear definition of what counts as an outage
What to watch for:
-
Waiting periods
-
Narrow definitions that exclude common outage situations
Internal link to add later: What does cyber insurance cover?
2) Check the policy limit, then immediately check the sublimits
A lot of people get tricked here.
They think:
-
“I have a $1M cyber policy”
But the reality might be:
-
$1M overall
-
$100K social engineering
-
$50K funds transfer
-
$25K incident response
-
Business interruption only after a waiting period
What to do
-
Ask for a coverage summary that lists all sublimits
-
Compare the sublimits to your most likely losses
If you are an MSP, this is a huge trust builder with clients because it is where most policies quietly fail.
3) Look hard at social engineering and funds transfer fraud
This is one of the most common real-world losses.
Examples:
-
Vendor impersonation
-
Fake invoices
-
Payroll diversion
-
Email compromise leading to wire fraud
Cyber policies handle this differently:
-
Some include it with a sublimit
-
Some treat it as crime coverage
-
Some exclude it unless specifically added
What to look for
-
Social engineering coverage included
-
A sublimit that is not a joke
-
Clear definition of what triggers coverage
This section alone is worth reviewing carefully before you buy.
4) Confirm you get incident response vendors and a clear process to activate them
During an incident you do not want to scramble.
You want:
-
A breach coach or legal contact
-
A forensics partner
-
A path to ransomware negotiators if needed
-
A 24/7 hotline for claims reporting
What to look for
-
Does the policy include panel vendors?
-
Are you required to use them?
-
Are you allowed to use your own vendors?
-
What is the exact process to trigger coverage?
A good policy makes response faster. A messy policy makes you waste hours, and that is when damage spreads.
5) Underwriting requirements you must maintain (do not ignore this)
Cyber insurance is getting stricter.
Most carriers want baseline controls like:
-
MFA on email and remote access
-
Backups that are protected and tested
-
Endpoint protection
-
Patch management
-
Access controls for admin accounts
-
Security awareness training
What to look for
-
Requirements that match what you can realistically keep in place
-
Clarity on what happens if a control lapses
If you say you have MFA, you need to have it. If you say backups are tested, you need evidence.
Internal link to add later: What is cyber insurance underwriting?
6) Definitions matter more than marketing
Cyber policies often differ by definitions like:
-
What counts as a “computer system”
-
What counts as a “security failure”
-
What counts as “business interruption”
-
Whether an outage at a third party counts
What to look for
-
Clear, broad definitions that reflect modern business
-
Coverage for cloud and hosted systems, not just on-prem servers
7) Third-party liability: defense costs, settlements, and regulatory coverage
If other people come after you, you want:
-
Defense costs included
-
Coverage for lawsuits and claims tied to privacy and security failures
-
Regulatory investigation coverage and associated defense costs
What to watch for
-
Coverage that sounds good but has narrow triggers
-
Policies that exclude key liability scenarios for your industry
8) Vendor and cloud outages (contingent business interruption)
Most businesses run on cloud tools.
If your email provider, EHR, PSA, or accounting software goes down, you can be dead in the water.
What to look for
-
Coverage for losses caused by third-party outages
-
Vendor failure coverage and contingent business interruption language
-
Clear triggers and definitions
Not every cyber policy includes this, and it matters more every year.
9) Retroactive date, waiting periods, and reporting requirements
These are boring details that become extremely important during a claim.
Retroactive date
-
If your policy has a retro date, incidents that began before it may not be covered.
Waiting periods
-
Business interruption may not kick in until after a certain number of hours.
Reporting requirements
-
Some policies require reporting within a certain timeline.
-
Many require you to contact the insurer before engaging vendors.
Read this section carefully. It can decide whether you get paid.
10) Renewal reality: make sure your policy is sustainable
The policy you buy now needs to be renewable later.
If you choose coverage with requirements your company will not maintain, renewals become a problem.
A better move:
-
Buy a policy aligned with your real controls
-
Improve security over time
-
Use that improvement to reduce premium or improve terms at renewal
Internal link to add later: Cyber insurance renewal process
Quick checklist you can use before you sign
Here is the short version.
Coverage basics
-
Ransomware and extortion covered
-
Breach response costs covered
-
Business interruption covered
Limits and sublimits
-
Sublimits reviewed and acceptable
-
Social engineering is covered with a meaningful cap
Response readiness
-
Incident response vendors included
-
Clear process to trigger coverage
Requirements and exclusions
-
MFA and backup requirements realistic and documented
-
Major exclusions understood
Cloud and vendors
-
Third-party outage coverage reviewed
Get Real Cyber Insurance Coverage Now
The best cyber insurance policy is the one that fits how your business actually runs, covers your top loss scenarios, and does not fall apart because of sublimits, exclusions, or requirements you cannot maintain.
If you want RhoneRisk to review a policy, sanity-check coverage, or help you structure insurance around real security controls, book a call or request a quote.

