Cyber liability.
For when the loss is data, downtime, or a drained account, and the crime scene is your inbox.
One request, shopped across 60+ carriers by a licensed agent.
About three minutes. No obligation.

What it is
What is cyber liability insurance?
Cyber liability insurance covers the losses that arrive through a screen: stolen customer data, locked-up systems, and the expensive week that follows someone clicking the wrong link. It pays your own recovery costs and defends you when the exposed data belonged to someone else.
It works in two directions. First-party coverage pays your own costs after an incident: the forensics team that figures out what happened, the legally required letters to affected customers, ransom negotiations, restoring your data, and the income you lose while your systems are down. Third-party coverage handles the people who come after you afterward: customers whose data was exposed, regulators with questions, and the card networks if payment data was involved.
This is not a tech-company product. If you take cards, keep customer records, run payroll, or depend on email to get paid, you carry cyber risk, and your general liability and property policies exclude nearly all of it. Electronic data is not "property" to a property policy, and a data breach is not "bodily injury" to a liability policy. Cyber insurance exists because that gap kept swallowing businesses.
Who usually carries it
- Anyone who takes card payments, in person or online.
- Practices holding health records: medical, dental, therapy.
- Firms holding client financials: accountants, law offices, advisors.
- Businesses that pay vendors by wire or ACH on emailed instructions.
- Any operation whose revenue stops the moment its systems do.
Coverage
What cyber liability coverage handles.
Breach response
Forensics to find out what was taken, legally required notification letters, credit monitoring, and crisis communications, usually run through the carrier's hotline of pre-approved vendors, which is genuinely useful at 2 a.m.
Ransomware and cyber extortion
The specialists who handle the negotiation and, where lawful and the carrier consents, the extortion payment itself, never to sanctioned groups, which is one reason the negotiators exist.
Business interruption
Income you lose and extra expenses you incur while a covered attack keeps your network down, after a waiting period measured in hours. Some forms extend to outages at your key technology vendors.
Data restoration
The cost to recover, recreate, or restore data and software damaged or encrypted in an attack: from backups if you have them, from scratch if you don't.
Privacy and network security liability
Defense and settlements when customers, employees, or partners sue because their information was exposed or malware spread from your systems to theirs.
Regulatory defense and PCI assessments
Lawyers for post-breach regulatory investigations, fines where the law allows them to be insured, and card-network assessments, usually at a sublimit, a smaller cap inside the main limit.
Exclusions: read these first
What it does not cover.
Every policy has edges. Knowing them now is the difference between a covered claim and a surprise.
Social engineering, unless you add it
A convincing fake invoice your bookkeeper wires money against is excluded on many base forms because you sent the payment voluntarily. Ask for the social engineering endorsement by name.
Acts of war and state-backed attacks
Every cyber policy carries a war exclusion, and carriers have been tightening the wording since nation-state attacks reached the courts. Coverage can turn on that exact clause.
The security you said you had but didn't
Answer yes to the multi-factor authentication question when the truth is no, and the carrier can rescind the policy back to day one after a claim. Courts have let them.
Upgrades and betterment
The policy restores the systems you had before the attack, not the newer ones the breach proved you needed.
The future value of stolen ideas
If attackers walk off with your trade secrets or client list, the policy covers the incident response, not the profits a competitor now earns with your playbook.
Where carriers differ
Cyber forms are the least standardized in the business (sublimits, ransomware terms, and war language vary widely by carrier), so we read the exact form before you buy.
A locked screen on a Monday morning
A twelve-person accounting firm opens up the Monday after tax season to find every workstation showing the same ransom note. Client files, encrypted. Email, down. A payment demand with a countdown timer, as theater. The office manager calls the number on the cyber policy's breach card instead of the number on the screen.
How the coverage responds: within the hour the carrier's breach coach has forensics remotely imaging the servers and a negotiator buying time, and when forensics confirms client tax records were copied on the way in, the policy pays for notification letters and credit monitoring for roughly nine hundred clients, along with the forensics bill and the lawyers. Intact offline backups mean no ransom is paid, and business interruption coverage picks up the lost billings during six days of restoration. The firm's out-of-pocket cost is the retention, a deductible by another name. Without the policy, the firm is hiring forensics, breach counsel, and a notification vendor at panic prices while its billing system is down, and facing the regulators alone.
An illustrative example, not a real claim. Actual coverage depends on the policy issued.
What moves the price
We don’t quote prices on a website. Anyone who does is guessing. These are the factors underwriters actually weigh.
- Annual revenue and industry: a medical practice or a firm holding client financials is priced differently than a landscaping company.
- How many records you hold and what kind: payment cards, health information, and Social Security numbers carry the heaviest weight.
- Your security controls: multi-factor authentication, endpoint detection, email filtering, and offline backups are now underwriting requirements at most carriers, not extra credit.
- How dependent your revenue is on your systems staying up: an online seller feels an outage faster than a consulting firm.
- Prior incidents and claims, including ones you handled quietly without insurance.
- The limits, sublimits, and retention you choose, especially for ransomware and social engineering.
- How much of your operation runs through third-party vendors and cloud platforms, and which ones.
Credits that can move this price
The factors above push the price up. These are the named credits that pull it back. Which ones exist, and what they’re worth, varies by carrier and state. We check every one that could apply before we quote.
- Controls beyond the underwriting baseline: privileged-access management, network segmentation
- Managed detection and response, or a 24/7 security operations vendor on contract
- Scheduled phishing and security-awareness training, with completion records
- Documented backup restore testing, not just having backups
- Enrolling in the carrier's own attack-surface monitoring and acting on its alerts
- A clean incident history, including the ones handled without a claim
Questions
Cyber Liability, asked and answered.
Reviewed by a licensed property & casualty agent · Updated July 2026
Pairs with
Coverage that usually travels together.
- 01Professional LiabilityCovers claims that your advice, design, or work cost a client money. Also sold as errors and omissions, or E&O.Explore →
- 02Business Owner's PolicyLiability, property, and lost income in one policy. The standard small-business package, and usually cheaper than buying the pieces.Explore →
- 03General LiabilityPays when your business injures someone or damages their property. The baseline policy nearly every lease, contract, and client asks you to carry.Explore →
What happens next
A licensed agent reads it
Your request goes to a person, not a queue, the same business day.
We shop the carriers
We quote it across the markets that actually write this line and compare what comes back.
You decide
Options side by side, in plain English. Nothing is bound until you confirm it in writing.
Rather do the whole thing by phone? Call (917) 246-7038.
Carrier count reflects current appointments. Availability varies by state and line.
Start here
Let's price your cyber liability coverage.
Tell us what you need. We shop it across 60+ carriers. You pick, and nothing is in force until it's confirmed in writing.
About three minutes. No obligation.
