Hablamos Español Insurance Companies We Work With
Learning Center

What Cyber Insurance Does Not Cover

By Richard Sweet. Reviewed by Richard Sweet. Updated July 6, 2026.

Already know you need this? Get a quote Compare your coverage →

Cyber insurance covers a great deal, but it does not cover everything, and the gaps are predictable. The most common problem is not an exotic exclusion. It is a sublimit on the loss most likely to happen, or a claim denied because the application overstated the practice’s security controls. Knowing these before you buy is how you avoid a surprise at the worst moment.

Sublimits on the loss most likely to happen

The single most common gap is a sublimit on social engineering and funds-transfer fraud. Many policies cap that coverage well below the headline limit. A one-million-dollar policy with a two-hundred-fifty-thousand-dollar social-engineering sublimit is, for the loss most likely to happen, a two-hundred-fifty-thousand-dollar policy. This is not an exclusion, so it is easy to miss. It is the first number to check.

Failure to maintain your controls

Cyber applications ask whether you have multi-factor authentication, backups, and other controls. If you attest to a control you do not actually have, and a loss traces back to that gap, the claim can be denied. This is not the carrier being difficult. It priced the policy on what you told it. Answering the application accurately is part of keeping the coverage valid.

Prior and known events

A policy covers what happens during its term. A breach that began before coverage started, or an incident you already knew about, is generally excluded. This is why prior-acts coverage and honest disclosure at application matter, and why waiting until something has happened to buy is usually too late.

The everyday exclusions

A few exclusions catch people off guard:

  • Ordinary infrastructure or power outages with no cyber event behind them.
  • Bodily injury and property damage, which belong to other policies unless a specific extension is added.
  • Contractual liability you assumed separately, beyond what the policy grants.
  • Losses inside a waiting period, since business interruption often does not start paying until an outage passes a set number of hours.

How to avoid the gaps

The fixes are straightforward. Read the sublimit on social engineering and raise it if you move money. Answer the application accurately and confirm your controls. Disclose anything you already know about. And compare policies on the coverage that responds, not the price. A short coverage review checks these before you buy, and our cyber insurance overview explains what a complete policy looks like.

Questions to ask your advisor

  • What is the sublimit on social engineering, and is it below my policy limit?
  • Did I answer the security-control questions on the application accurately?
  • Does the policy include prior-acts coverage, and did I disclose known issues?
  • What is the business-interruption waiting period before coverage starts?
  • Which everyday exclusions apply, and do I need any of them bought back?

Want guidance first? Compare your coverage. Already know what you need? Get a quote.

What many people don't realize

The part that catches owners off guard

  • Cyber policies have real limits, and knowing them is how you avoid a surprise at claim time.
  • The most common gap is a sublimit on the loss most likely to happen.
  • Misstating your controls on the application can void coverage.
  • Whether a loss responds is always subject to the specific policy.
The Vantage Point

What we see most often

The fastest way to lose trust is to oversell a policy. Cyber does a lot, but it does not do everything, and the exclusions are predictable. Saying so plainly is what separates an advisor from a salesperson.

Free, two-minute check

See where your coverage stands

Answer a few quick questions and get a clear read on your current coverage in about two minutes. We flag what is worth a closer look.

Compare your coverage
When to review

It may be time for a coverage review if:

  • You assume your cyber policy covers everything cyber-related
  • You have a social-engineering sublimit well below your limit
  • You answered the application quickly without checking controls
  • You had a prior incident or known issue
Compare your coverage Get a quote
Frequently asked

Frequently asked

What does cyber insurance not cover?
Common gaps include losses above a sublimit such as social engineering, failure to maintain the security controls you attested to, prior known incidents, ordinary infrastructure or power outages, bodily injury and property damage, and contractual liabilities you took on separately.
Can a cyber claim be denied?
Yes. Claims can be denied if you misrepresented your controls on the application, if the loss falls under an exclusion, if it predates the policy, or if it exceeds a sublimit. Accurate applications and confirmed wordings prevent most of these.
Why is my social engineering coverage so low?
Many policies sublimit social engineering well below the policy limit. A one-million-dollar policy with a two-hundred-fifty-thousand-dollar social-engineering sublimit is a two-hundred-fifty-thousand-dollar policy for that loss. It is worth raising if you move money by email.
Does cyber cover a power or internet outage?
Generally only a cyber-caused outage, and often after a waiting period. An ordinary utility or infrastructure outage with no cyber event behind it is usually excluded.
RS
Written and reviewed by

Richard Sweet

Founder and Principal Advisor, Vantage Point Risk

Richard Sweet runs Vantage Point Risk, an independent insurance and risk advisory for property owners, real estate investors, business owners, and families. He works with investors every week on the coverage decisions that decide how a claim actually turns out, and writes the Learning Center to put those decisions in plain language.

Reviewed for accuracy by Richard Sweet. Last updated July 6, 2026.

Richard also writes The Vantage Point, notes on building a better business.

This article is general information, not insurance, legal, or tax advice. Coverage depends on your policy terms, endorsements, carrier underwriting, and the state you are in. For guidance on your specific situation, talk with a licensed advisor.

Compare your coverage

It's not a quote. It's a real review.

Answer a few quick questions and get a clear read in about two minutes. We will flag what is worth a closer look, and you can hand us your current policy if you want us to dig in. No pressure, no obligation.

We review your current coverage for gaps and overlaps
We compare the market to see if you are overpaying
We tell you what is actually worth changing, and what is not
You get clear answers, even when you are already covered well