Insurance & surety specialists since 1994
Cyber liability & data breach insurance

One email. One laptop. One ransom note.

That is all it takes to bring an enterprise to its knees. A cyber risk policy is the difference between an incident and an extinction event — and we underwrite it the way insurance was meant to be done: by people who read the policy form.

✓ Specialists since 1994 ✓ A real person, every time ✓ Standard & non-standard markets

1 in 6 breaches in 2025 involved an attacker using AI — phishing and deepfakes lead
~38% of small businesses carry cyber insurance, vs. ~92% of large enterprises
~21% of cyber claims were denied or partially denied in 2025 — usually over missing controls
$26B+ global cyber insurance market in 2025, projected to roughly double by 2030

Figures from IBM's Cost of a Data Breach Report 2025, Munich Re, Swiss Re, NAIC and industry claims data. The takeaway is not the size of any single number — it is the asymmetry between a tiny trigger and a ruinous bill.

What is cyber risk?

The vulnerability that your other policies quietly exclude.

Cyber risk is your exposure to intrusion, data loss and system failure — and the business interruption, reputational harm, regulatory penalties and lost revenue that follow. Most commercial general liability (CGL) policies were never built to answer it. A purpose-built cyber policy is.

Privacy & liability to others

Information belonging to customers, patients and partners has real value — and you can be held legally responsible for losing it. Modern contracts bury data-protection clauses that turn one incident into a chain of damage claims. Customer data is exposed in over half of all breaches.

Media, content & infringement

Everything you publish online creates exposure: copyright and trademark claims, defamation, plagiarism allegations, unauthorized use, social posts. The moment your enterprise puts content on the web, liability is created — and it travels.

Expense & loss of income

Crisis management, forensics, data restoration, hardware replacement, downtime, funds-transfer fraud, breach-notification compliance and extortion costs aggregate fast. Nearly half of serious breaches strike organizations with fewer than 1,000 employees — most of whom are not financially prepared.

The threat moved. Coverage has to move with it.

The exposures of a decade ago were lost laptops and stolen thumb drives. They still happen — but the center of gravity has shifted to ransomware, business email compromise (BEC), supply-chain compromise and, increasingly, AI-assisted attacks. In 2025, phishing overtook stolen credentials as the most common way in.

Because the product is still maturing, no two carriers write the same form. Definitions, sub-limits, retentions and exclusions vary enormously between manuscript policies. That is precisely where underwriting expertise earns its keep — and why an "instant quote" is a fiction.

Avg. breach cost by industry, 2025
Sector: Per breach
Healthcare: $7.42M
Financial services: $5.56M
Industrial: $5.00M
Energy: $4.83M
Technology: $4.79M
Pharmaceuticals: $4.61M

Source: IBM Cost of a Data Breach Report 2025

Coverage detail

First-party and third-party protection, built to actually respond.

We pair you with the right form and the right market — standard or non-standard — backed by carriers with the financial strength to honor the obligation. Here is the coverage we work to secure.

First-party coverage

Pays your costs after an incident: forensics and crisis response, data and program restoration, business interruption and lost revenue, cyber extortion, and computer-fraud and funds-transfer-fraud losses.

Third-party (liability) coverage

Protects you when others come after you: claims from customers, employees and regulators, defense costs, and settlements arising from a privacy or network-security failure — with a most-favorable-venue approach where allowed.

What the form should include

Defense option at inception: Choose duty-to-defend or reimbursement when the policy is bound.
Extended reporting period: Applies to crisis-management and security-breach expense coverage, with an automatic 90-day ERP for first-party coverages.
Data & program restoration: First-party reimbursement to restore corrupted or destroyed electronic data and software.
Computer & funds-transfer fraud: Protection against fraudulent transfer of money, securities or other property.
E-commerce extortion: Covers the cost of responding to threats against your network or data.
Business interruption: Expenses and lost revenue from a virus or denial-of-service attack that impairs your systems.
Breach remediation & notification: Extends to credit monitoring, identity-fraud cover, computer forensics and initial-response advice.
Regulatory defense: Not limited to specific agencies; includes any state attorney general, plus fines and penalties where insurable.
Communications & media: Content liability across websites, email and social media in any electronic format.
Non-monetary & ADR relief: Reaches claims seeking injunctive relief, arbitration and mediation — and punitive damages on a favorable-venue basis.
Broad information-security trigger: Covers electronic and paper records, health information, and any protected personal data — not just "on-premises" e-commerce.
Resistant to common carve-outs: Not defeated by exclusions for mechanical failure, maintenance lapses, software performance, spyware/cookies or lack of encryption.

Coverage features describe the broad forms we pursue and vary by carrier, jurisdiction and underwriting. The binding policy controls in all cases. We will walk you through exactly what your policy does — and does not — do before you sign.

Anatomy of a claim

What a covered incident actually looks like.

Three composite scenarios — drawn from the patterns carriers see most often — and the coverages that respond to each.

Ransomware

A 40-person firm goes dark

An employee clicks a convincing invoice. Within hours, files are encrypted firm-wide and a ransom is demanded. Operations halt for nine days while systems are rebuilt from backups.

Coverages that respond
Cyber extortion · Business interruption · Data restoration · Forensics

Funds-transfer fraud

The "CEO" wires $180,000

A spoofed executive email — increasingly polished by AI — directs accounting to pay a fraudulent vendor. The transfer clears before anyone notices. BEC is now among the most common claim types by volume.

Coverages that respond
Computer fraud · Funds-transfer fraud · Crisis response

Privacy breach

A lost laptop, 12,000 records

An unencrypted device disappears with patient or customer data on it. Breach-notification laws trigger across multiple states, plus a regulator inquiry and class-action exposure.

Coverages that respond
Notification · Credit monitoring · Regulatory defense · Third-party liability

Scenarios are illustrative composites for education only and are not a representation of coverage. Actual coverage depends on the policy issued.

Why claims get denied

The fastest way to make a policy worthless is to skip the controls it assumed.

Roughly one in five cyber claims was denied or partially denied last year, and the single most common reason was failure to maintain the security controls a business declared on its application. Carriers now verify those controls were actually in place at the time of loss.

We do not just place coverage and disappear. Through our partnership with Gibbs Cyber Security, current policyholders can talk through loss-mitigation practices — so the policy pays when you need it. Here are the controls underwriters expect to see in 2026.

  • Multi-factor authentication: On email, VPN, remote and admin access
  • Endpoint detection (EDR): Monitored, not just antivirus
  • Tested offline backups: Segregated and regularly restored
  • Incident response plan: Written, assigned and rehearsed
  • Email security & filtering: Anti-phishing and DMARC
  • Privileged access management: Least-privilege for admin accounts
  • Patch & vulnerability mgmt: Timely updates on known flaws
  • Security awareness training: People are the first attack surface

How to apply

Fast is real. "Instant" is not.

Plenty of sites promise an instant cyber quote. That is marketing, not underwriting. Cyber risk is still a comparatively young, manuscript-driven product — every account has to be read and priced on its own facts. We are quick, but no honest broker is instant. Here is how it works.

01

Complete the application

A full application lets us understand your operations, data, revenue and security posture. The more complete it is, the better the terms we can find.

02

We underwrite & shop the market

We take your account to standard and non-standard carriers, comparing forms — not just prices — for the broadest coverage at a fair rate.

03

We explain the terms

Before you bind, a real person walks you through key coverages, sub-limits, retentions and any conditions, so there are no surprises at claim time.

04

Bind & stay supported

Once you're covered, our security partners remain available to discuss loss mitigation and keep your declared controls intact.

Frequently asked

Cyber insurance, answered plainly.

What does cyber risk insurance actually cover?

A cyber policy combines first-party coverage (your own costs — forensics, data restoration, business interruption, cyber extortion, funds-transfer fraud) with third-party liability coverage (claims, defense and settlements brought by customers, employees or regulators after a privacy or security failure). Most policies also fund breach notification, credit monitoring and crisis communications.

Doesn't my general liability or business policy already cover this?

Almost never. Standard commercial general liability (CGL) and property forms were written for bodily injury and physical property damage, and most now contain explicit exclusions for data and network events. To cover cyber exposures you need a dedicated cyber policy — or, in some cases, a cyber endorsement that has been carefully reviewed for gaps.

How much does cyber insurance cost?

Premiums depend on your revenue, industry, data volume, claims history and — increasingly — your security controls. After two years of softening rates, the market is expected to firm again in 2026. The strongest lever you control is your security posture: businesses that can demonstrate MFA, EDR, tested backups and an incident-response plan consistently get better terms. We price each account individually rather than quoting a generic number.

Why can't I get an instant quote online?

Because honest cyber underwriting requires reading the risk. Coverage forms are manuscripted and vary widely between carriers, so the same business can receive very different terms depending on the form. We move quickly, but a real underwriting review is what stands between you and a policy that won't pay. Anyone promising a binding "instant" cyber quote is selling the fiction, not the coverage.

What size of business needs this?

Every size. Nearly half of serious breaches hit organizations with fewer than 1,000 employees, yet only around four in ten small businesses carry cyber coverage — compared with the vast majority of large enterprises. Smaller firms are often less able to absorb the cost, which makes the protection gap most dangerous exactly where it is widest.

Why do cyber claims get denied — and how do I avoid it?

The leading reason for denial is failing to maintain the security controls you declared on your application. If you said you had MFA or working backups and you didn't at the time of loss, the carrier can contest the claim. Keep your declared controls genuinely in place, document them, and treat the application as an ongoing promise rather than a one-time form. We help current policyholders stay aligned with what their policy assumes.

Does cyber insurance cover ransomware and extortion?

Broad forms do — typically through cyber-extortion coverage for the response and negotiation, business-interruption coverage for downtime, and data-restoration coverage to rebuild. Terms, sub-limits and conditions vary significantly between carriers, and some now require specific controls before extortion coverage applies, so this is an area where the form details matter most.

Are AI-driven attacks covered?

Cyber policies generally respond to the outcome — fraud, breach, extortion, interruption — regardless of whether attackers used AI to get there. In 2025 roughly one in six breaches involved attackers using AI, most often to craft phishing and deepfake impersonations. What matters for coverage is how your form defines the triggering events, which we review with you before binding.

Who underwrites and supports my policy?

CyberRiskPolicy.com is a joint venture between the Poindexter Surety Group — insurance and surety specialists since 1994 — and Gibbs Cyber Security. You get insurance placement expertise on one side and practical security guidance on the other, with a real person available for coverage discussions and loss-mitigation support.

Plain-language glossary

The terms underwriters use.

First-party coverage
Pays for losses you incur directly — forensics, restoration, downtime, extortion and fraud — as opposed to amounts you owe others.
Third-party coverage
Pays for your liability to others: defense costs, settlements and judgments from claims arising out of a privacy or security failure.
Business Email Compromise (BEC)
A social-engineering attack in which a spoofed or hijacked email tricks staff into transferring funds or data. Now a leading claim type by volume.
Business interruption
Lost income and extra expense caused by a cyber event that disrupts your operations or systems.
Breach notification
The legally required process of telling affected individuals and regulators after a data breach. Costs and deadlines vary by state and country.
Cyber extortion
Coverage for the response to ransomware and threats against your network or data, including specialist negotiation.
Retention / deductible
The amount you pay out of pocket on a claim before the policy responds.
Sub-limit
A cap on a specific coverage that sits below the overall policy limit — common for extortion, social engineering and regulatory items.
Manuscript form
A policy wording drafted by an individual insurer rather than a standard industry form, which is why cyber coverage differs so much between carriers.
Most-favorable-venue
A provision letting certain damages (such as punitive damages) be evaluated under the jurisdiction most favorable to coverage, where legally permitted.
Our profile

A specialist's eye on a young, complicated product.

CyberRiskPolicy.com is a joint venture between the Poindexter Surety Group, an insurance and surety specialist since 1994, and Gibbs Cyber Security. We've spent serious time identifying the cyber insurers that offer the broadest forms, because your business and its continuity matter to us.

When you call, you reach a real person — yes, an actual human — ready to discuss the key coverage elements of a cyber risk policy, whether you're shopping for the first time or reviewing what you already hold. Current policyholders can also tap our security experts to discuss loss-mitigation practices.

Since 1994

Three decades placing specialty insurance and surety.

Real people

Human underwriting and human answers.

Security partner

Gibbs Cyber Security on loss mitigation.

Broad markets

Standard and non-standard, financially strong.

Find out what your enterprise is really exposed to.

Start an application or talk it through with an underwriter. No bots, no "instant" theater — just a straight read on your risk and the coverage that answers it.

Contact

Poindexter Surety Group

Raleigh, North Carolina
5 W. Hargett Street, 4th Floor
Raleigh, NC 27601

+1 (919) 859-5294

San Juan, Puerto Rico
404 Avenida de la Constitución, 7th Floor
San Juan, PR 00901

+1 (787) 333-0222

Toll-free (800) 373-2804 · U.S., Canada & Caribbean

Send a message

Sent straight to our underwriting desk at Underwriting@SuretyOne.com · same-business-day reply.