phrase
cyber liability
In plain English
Coverage for the costs of a data breach, ransomware attack, or other cyber incident.
Two halves: first-party (your costs — investigation, notification, ransom, lost income) and third-party (claims by people whose data was exposed). Modern cyber policies bundle both.
What it covers
First-party: forensic investigation, breach notification, credit monitoring, ransom payment, business interruption. Third-party: lawsuits from affected individuals, regulatory fines and penalties.
What it does not cover
It does NOT cover bodily injury or property damage from cyber events — those are excluded as 'silent cyber.' War exclusions are also expanding rapidly post-2023.
Where it trips people up
Sublimits within the cyber policy are everywhere — ransomware sublimit, regulatory fine sublimit, social engineering sublimit. The headline limit is rarely the available limit for the loss you actually have.
The technical version
Insurance covering the financial consequences of cyber incidents, including data breaches, network security failures, privacy violations, and cyber extortion, typically written on a claims-made basis.