Digital exposures are operational exposures. Ransomware, data breaches, system failure: coverage written by underwriters who understand the threat environment, not bolt-on covers from a generalist.
Cyber policies vary enormously in what they actually cover. The headline limit matters less than what's included and what's excluded. Policy wording in this class has evolved quickly, and not all policies have kept up.
What a good cyber policy looks like
Incident response support built into the policy: forensic teams, legal counsel, and PR crisis support available immediately at point of event.
Not just a reimbursement promise.Broad coverage for ransomware with realistic sub-limits. A war exclusion that's narrowly drafted. BI that covers system failure as well as malicious attack.
We look for
Lowest-cost policy available. Policy wording has broad exclusions for critical exposures. A ransomware event is partially covered. Client absorbs the rest.
Policy doesn't include access to a forensic team, legal counsel, or PR support at point of incident. Client is on their own for the first 72 hours.
State-sponsored cyber attacks are excluded under a war exclusion clause. Client doesn't know. More events fall into this category than most realise.
A $1M cyber limit sounds reasonable. A serious ransomware incident with BI, forensics, notification costs, and liability can exceed $2M quickly.
We'll review your current cyber policy (wording, limits, exclusions) and go to the market to show you what a well-structured policy looks like. No cost, no obligation.