Does your liability insurance cover you in the event of a cyberattack?
Many companies, especially SMEs and service firms, take out liability insurance as part of their basic protection. Sometimes it is required by contract, other times it is simply part of good governance.
The problem is that many mistakenly believe that this insurance will also protect them in the event of a cyber incident.
And that is usually not the case.
What does (and doesn’t) liability insurance cover?
A liability policy is designed to respond when a company causes material, personal, or economic damage to third parties in the course of its business. For example:
- A client is injured during a visit to your offices.
- An employee accidentally breaks equipment at a client’s premises.
- Or (in the case of professional liability), you make an error in a report that causes a financial loss.
But here is the key point:
Most liability policies expressly exclude cyber incidents (ransomware, data breaches, digital fraud, etc.).
What types of claims fall outside coverage?
Here are some examples that, in practice, are not covered by most liability policies:
- Ransomware attacks
- Leaks or theft of confidential information
- Damage to internal systems (servers, data, platforms)
- Loss of revenue due to operational downtime
- Client claims for GDPR non-compliance
- Accidental transmission of malware to third parties
For all of this, you need a dedicated cyber insurance policy, designed to cover both your own costs and liability toward third parties.
What if my policy does not have an explicit cyber exclusion?
This is an important nuance.
The absence of an exclusion clause does not mean the insurance covers the incident.
In insurance, a risk that is not expressly included is not necessarily covered, and cyber incidents typically fall outside the scope of the insured risk unless they are clearly mentioned.
The result?
In the event of a cyberattack, the insurer may refuse to pay, arguing that it falls outside the scope of the contracted coverage.
What can you do?
- Review your current policy: look for exclusions related to technology, data, or cybersecurity.
- Analyze your real risks: do you rely on digital systems, sensitive data, or online platforms?
- Consult an expert: at Axyom we review your coverage and help you determine whether you are truly protected… or just think you are.
Conclusion
Thinking you are covered can prove very costly.
If your business depends on digital operations, you need to be clear about what your current insurance does (and does not) cover. And if it does not cover cyber risks, it is time to consider a specialized cyber insurance policy. Because in cybersecurity, there are no second chances.