Cyber exclusions: An investigation into the cyber insurance coverage gap

The importance of cyber insurance as a tool for financial resilience to mitigate the accelerating corporate losses caused by cybercrime is growing. However, there exists a lack of standardization and mutual understanding in cyber insurance policies. With less than a third of cyber insurance claims paid in 2017 in the U.S., there exists a significant gap between the cyber risks businesses need to cover and those actually covered through their cyber insurance policies. This research uses inductive qualitative content analysis to examine the existing exclusions in the terms and conditions of 40 German cyber insurers and compares the summarized results with existing cyber risk events. We posit that the lack of understanding of cyber policy wordings related to cyber risks is a significant problem for companies that could suffer significant losses. The resulting categorization of 15 exclusions and interrelationships with cyber risk events will support businesses, the insurance industry, and researchers in their efforts to understand, measure, and manage cyber risk.