
Cyber Insurance

Definition

Cyber insurance is insurance that protects organisations against financial losses from cyberattacks, data breaches and other cyber incidents.

The cyber insurance market is growing rapidly: Munich Re estimates global premiums at $14 billion in 2025. At the same time, insurers are tightening the security requirements an organisation must meet before they will write a policy.

How does cyber insurance work?

Cyber insurance typically covers: incident response and forensic investigation costs, system recovery and rebuilding, legal fees and regulatory fines (where fines are insurable in the relevant jurisdiction), data breach notification costs, third-party liability, business interruption and lost revenue, and sometimes ransom payments (a controversial item that some policies exclude or cap with a sub-limit). Premiums are determined by the organisation's risk profile: industry, revenue, claims history and, above all, the security controls it can demonstrate on the application questionnaire.

Insurer requirements

Insurers are imposing increasingly strict security requirements. Common prerequisites include: MFA on all accounts (insurers look particularly at remote access, e-mail and privileged accounts), regular patch management, offline or immutable backups that are tested, EDR on all endpoints, network segmentation, a documented incident response plan, and security awareness training. Organisations that cannot demonstrate these controls face denial of coverage or significantly higher premiums. The answers given on the application also matter after the policy is written: an inaccurate attestation (for example, claiming MFA on all accounts while a legacy VPN or a service account has none) can lead to a claim being denied or the policy being rescinded.

Impact on organisations

The average cost of a data breach is $4.88 million (IBM, Cost of a Data Breach Report 2024). Cyber insurance transfers part of that residual financial risk, but it is not a substitute for adequate security: it pays out after an incident, it does not prevent one. NIS2 indirectly incentivises improving security posture, and the same controls that satisfy NIS2 also improve insurance terms.

Protection

Improve security posture to meet insurer requirements, and verify each control before attesting to it rather than assuming it is in place. Document security measures for insurance applications so that the evidence (MFA enforcement reports, EDR agent coverage, backup test results) can be produced on request. Carefully evaluate coverage: not all scenarios are covered, and common limitations include exclusions for war and state-sponsored attacks, sub-limits on ransom payments, and waiting periods before business interruption cover applies. Combine cyber insurance with an incident response retainer, and check whether the policy requires the insurer's approved responders to be engaged.

How DEFION helps

DEFION helps organisations improve their security posture through Cyber Insurance Advisory Services. The team evaluates current security against insurer requirements and delivers concrete improvement plans.

Related terms

Incident Response, MFA (Multi-Factor Authentication), Data Breach