Glossary of cyber insurance terms
Cyber insurance can help you get your business back on track following a cyber attack or data breach. But policies can be confusing, using unfamiliar terms that can make it difficult to know exactly what is and isn’t covered.
By Alan Boswell Group

- Business interruption
- Breach expenses
- Cyber extortion
- Data breach
- Data server
- Data restoration
- Encryption
- Firewall
- Hacker
- Incident response
- Liability cover
- Malware
- Multi-Factor Authentication
- Network
- Notification costs
- Outsourcing
- Phishing
- Privacy violation
- Ransomware
- Restore
- Social engineering
- Third-party liability
- User account
- Virus
In this article
- Business interruption
- Breach expenses
- Cyber extortion
- Data breach
- Data server
- Data restoration
- Encryption
- Firewall
- Hacker
- Incident response
- Liability cover
- Malware
- Multi-Factor Authentication
- Network
- Notification costs
- Outsourcing
- Phishing
- Privacy violation
- Ransomware
- Restore
- Social engineering
- Third-party liability
- User account
- Virus
In this article, we demystify some common cyber insurance terms so you can be confident about getting the right policy for your business.
Business interruption
Business interruption covers lost income if you have to stop operations after a cyber attack. For example, if your business suffers a ransomware attack, which means you cannot operate as normal, business interruption cover will compensate you for lost trade and can also cover losses from reputation damage.
Breach expenses
If your cyber insurance policy covers breach expenses, it will pay to investigate the cause or source of a cyber attack. Often, this will mean engaging cyber security experts to work out what happened. In most cases, they’ll also identify other vulnerabilities and help you address them.
Cyber extortion
This is when cyber criminals demand money by making threats, for example, threatening to release personal or sensitive data they’ve stolen. Cyber insurance typically covers cyber extortion and will help you negotiate with hackers to minimise the impact of their actions.
Data breach
A data breach occurs when sensitive or personal information is taken or disclosed without authorisation, such as the theft of customer credit card details.
Data server
Data servers store, manage, and process information from one central computer or platform. Servers can be used to host websites, files, and help run computer programs and applications.
Data restoration
Cyber insurance usually covers data restoration costs to help you retrieve and restore damaged or lost data after a cyber incident.
Encryption
This is when data is scrambled so that only the intended recipient can read it. An everyday example includes messages you send over platforms such as WhatsApp, which encrypts messages from the sender and can only be read by the recipient.
Firewall
Firewalls are a type of defence mechanism to stop cyber criminals from reaching your network. They work by monitoring all incoming and outgoing traffic, blocking what they think could be harmful.
Hacker
Hackers are people who seek to gain unauthorised access to your systems and data.
Incident response
This is the way you manage a cyber attack or security breach. Businesses are recommended to have a cyber incident response plan that documents every step that needs to be taken after a cybercrime takes place.
Liability cover
This covers costs if a claim is made against you after a cyber incident. For example, if a customer took you to court after personal data was stolen from your systems, your policy would pay for your defence and any damages awarded.
Malware
Malware is an umbrella term for malicious software that’s designed to disrupt, damage, or access your IT systems. For example, a worm is a type of malware designed to replicate and spread throughout your computer network.
Multi-Factor Authentication
This is where there is a two-phase process before you can access your IT services – e.g. a code is generated on your computer which requires input on your mobile phone before you can access your IT systems. This is a requirement of all cyber insurers to mitigate the potential for loss as far as possible.
Network
A computer network is where you’ve linked several computers so that they can communicate with each other. If you work in a medium or large business, it’s highly likely you’ll have an organisation-wide network giving everyone access to the same data and files. While networks make data sharing simple and efficient, this also means that a computer virus can spread easily between your devices.
Notification costs
If your policy refers to notification costs, it’s referring to the cost of informing affected parties about a data breach. For example, cyber insurance can cover the cost of sending letters or emails to anyone whose personal data has been stolen or compromised.
Outsourcing
Outsourcing refers to any third-party contractors or services you use to support your business activities. For example, if you’ve outsourced HR or data storage services to an external host.
Phishing
Phishing is one of the most common types of cyber attacks affecting businesses in the UK. It’s when criminals try to trick you or your employees into giving them sensitive information. Examples of phishing include emails or messages that appear to come from legitimate businesses but aren’t (also known as impersonation fraud).
Often, criminals demand urgent action, such as claiming you owe tax or have outstanding invoices that need to be paid. They may ask you to enter bank details or click on a link that downloads malware onto your computer.
Privacy violation
This is when sensitive or personal information is used, taken, or accessed without permission. Breaching GDPR and data privacy laws is serious and can result in large fines and lead to reputational damage.
Ransomware
Ransomware is a type of malware (malicious software) that encrypts data or blocks access to your systems. Criminals will then demand money to release your files.
Restore
If your cyber insurance policy includes a restore clause, it will cover the cost of recovering data after a cyber attack or breach. Bear in mind that it’s not always possible to recover data, so it’s still important to back up files.
Social engineering
This is another popular technique used by cyber criminals. It’s when attackers manipulate others into releasing sensitive information or to gain access to systems.
Phishing is considered a type of social engineering where criminals pretend to be from a trusted organisation. They manipulate emotions such as fear to make people carry out certain actions. For example, a criminal might pretend to be from your bank and ask you for login details.
Third-party liability
This refers to costs you owe other people. This happens when you’re found to be responsible for damage or injury caused to others through your actions or because of negligence. For example, a customer might claim damages if it is proven that your business failed to properly protect their data, resulting in its theft.
User account
This is how a device recognises individual users. Access is usually through a specific login (like your email address) and a password. Using those credentials means the device will recognise who you are and give you access to your apps, files, and programs.
Virus
A type of malware that can replicate itself and spread to other systems. For example, a computer in your network might download a virus that slows down performance and corrupts files.
Need help with your insurance?
Whether you need a quote, have a general enquiry, or want to talk it through over the phone, we're here to help.
Send an enquiry
FAQs
Insurers now commonly refer to this as ‘cyber event’ insurance as policies not only cover liability risks (e.g. claims brought against you by others) but also your own losses as well, such as a data breach which will cover the costs of rectification, compliance, or loss of revenue.
Cyber insurance does cover ransomware attacks; the specific terms of the cover will depend on your policy.
Insurers set their own terms and conditions, so exclusions can vary. That said, typical exclusions include:
Acts of war or terrorism – in these cases, losses are rarely covered.
Some fines and penalties – generally, fines, penalties and regulatory costs are only included if they are deemed legally insurable (as you cannot insure an illegal act).
Physical damage or injury – cyber insurance is usually limited to the digital world, so you won’t always be covered for hardware rectification costs or physical injury to people (these are usually covered under other business insurance policies).
Cyber insurance for peace of mind
Cyber insurance isn’t compulsory, but it does provide a safety net if your business experiences a cyber attack. Policies cover a broad range of risks (including emergency management services to help you in the immediate aftermath of a cyber attack) and can be tailored to best meet your needs, with the aim of minimising financial and reputational damage.
To find out more, take a look at our cyber insurance hub, or to speak to an expert about cyber insurance for your business, call us on 01603 218000.
Related guides and insights

Cyber security audits explained
Cybercrime is one of the biggest threats to businesses across all industries and having appropriate cyber security in place is vital. We take a look at cyber security audits, how they work and why they're important.

Data protection insurance – protecting your business from data breach risks
For businesses that fail to protect personal or sensitive data, the financial penalties can be crippling. We look at how data protection insurance can help minimise financial and reputational damage.

Small business guide to cyber attacks – prevention and loss
More than 600,000 UK businesses experienced a cyber breach or attack in the last 12 months. We look at the most common types of cyber attacks and what you can do to minimise the risk to your business.

What is cyber insurance?
In todays connected world digital security should be high on the priority list. Here’s how cyber insurance can help keep you and your customers safe.