Claims typically covered by other insurance:

‍Bodily injury/property damage (BI/PD): Should be covered by General Liability (GL), property, workers’ comp, or employers liability.
Product liability: Should be covered under GL or a standalone product liability policy.
Securities violations: Covered under a Directors & Officers (D&O) policy.
Pollution: Should be handled by a pollution or environmental impairment policy.
Employee benefits or ERISA violations: Covered by fiduciary liability insurance.
Professional services: Should be addressed by an Errors & Omissions (E&O) policy.
Contract breaches: Non-“insured contracts” usually fall under E&O.
Workplace issues (e.g., harassment, discrimination): Covered by Employment Practices Liability Insurance (EPLI).

‍

Common cyber policy exclusions and considerations:

‍

Bodily Injury & Property Damage
Typically excluded in cyber policies and covered under GL or workers’ comp. However, some carvebacks exist—such as damage to hardware caused by a covered cyberattack or contingent mental anguish claims triggered by a cyber event. Language should ideally be narrowed to “for” rather than “arising out of.”

‍

Contractual Liability

Cyber policies aren’t meant to backstop all contracts. Claims for breach of contract are generally excluded, unless they involve breaches of confidentiality/security obligations, PCI compliance, or IP indemnities in third-party contracts.

‍

Intellectual Property

Most cyber policies exclude IP claims—especially patents. Some offer limited content liability coverage for things like copyright infringement (e.g., website content). Software copyright coverage may be available through specific carvebacks, depending on the carrier.

‍

Intentional Acts & Dishonesty

Intentional acts are usually excluded—but exceptions exist. For instance, some carriers offer “rogue employee” coverage for unauthorized acts by staff, unless senior leadership was aware. Look for policies requiring a “final, non-appealable adjudication” before denying coverage, and no imputation of wrongdoing across insureds.

‍

Internet Infrastructure Failures

This is the cyber equivalent of a war exclusion—cyber policies don’t cover large-scale internet outages (e.g., DNS failures). Coverage is designed for isolated incidents, not systemic infrastructure breakdowns. Coverage for DNS issues like the Dyn attack (2016) varies by carrier.

‍

Unlawful Data Collection & Communications

Cyber policies often exclude coverage for unlawful data collection, scraping, or violations of TCPA/CAN-SPAM. This is a key concern for data-driven businesses and should be reviewed carefully.

‍

Theft of Funds

Cyber policies may cover legal liability and breach response costs, but direct reimbursement for stolen funds usually falls under a crime policy. Some carriers are willing to extend limited coverage for this.

‍