Skip to main content
MorningsideHealth & Risk

What does cyber insurance NOT cover?

Standard exclusions: (1) bodily injury and physical property damage from cyber events (those are GL/property), (2) acts of war and certain nation-state attacks (the war exclusion has become a battleground after Merck v. ACE), (3) intellectual property infringement, (4) employment-related claims (those are EPLI), (5) prior known incidents, (6) failures to maintain stipulated baseline controls (most carriers now require MFA, EDR, and offline backups; failure to maintain can void coverage), (7) future revenue loss beyond the indemnity period. Healthcare practices should also confirm whether the policy covers PHI-specific regulatory fines from state AGs (some state AG actions are not "OCR investigations" and may need explicit coverage extensions).

Category
Business Insurance
Audience
Pre-purchase guidance
Topic
Cyber & Privacy

STILL HAVE QUESTIONS?

We answer the same business day.

If yours isn't covered here, schedule a consultation and we'll get you a clear answer.