Cyber Liability Insurance Policy

Cyber liability insurance is a specialized business policy that covers the financial losses and legal liability from a data breach or cyberattack — incident response, customer notification, legal liability, regulatory fines, and sometimes ransomware and business interruption. Standard commercial policies typically exclude these digital risks. The policy lists the insurer, policy number, coverage limits, sublimits, and term, and is increasingly required for businesses handling sensitive data.

Written & maintained by the Granite team · Last updated June 2026

Overview

A cyber policy is issued to a business and renews annually, typically after a security questionnaire or assessment. Coverage splits into first-party (your own costs: forensics, notification, data restoration, crisis management, cyber extortion, lost income) and third-party (liability to customers, partners, and regulators whose data was exposed).

The details that matter most are the sublimits — many policies cap ransomware or social-engineering fraud well below the headline limit — and any required security controls, since failing to maintain a control you attested to on the application can void a claim.

When you’ll get your Cyber Liability Insurance Policy

  • Your business stores customer data, payment info, or health records
  • A client or partner contract now requires cyber coverage
  • You renewed cyber insurance after a security assessment
  • You added ransomware or business-interruption coverage
  • Your industry faces rising breach and regulatory exposure

What’s on your Cyber Liability Insurance Policy

These are the fields Granite reads and extracts automatically the moment you upload one.

  • Named Insured: The business the policy covers.
  • Carrier & Policy Number: The insurer and unique policy identifier.
  • Aggregate Limit: The most the policy pays in total across the term.
  • Sublimits: Lower caps on specific perils like ransomware or social-engineering fraud.
  • Required Controls: Security measures (MFA, backups) the policy requires you to maintain.
  • Policy Term: The effective and expiration dates of coverage.

How long to keep it

Keep each policy at least 6 years past its term, along with the security questionnaire you submitted.

A breach can be discovered long after it began, and claims hinge on which policy was in force and whether you maintained the required controls. Keeping the policy plus the application you signed protects you if an insurer later questions a representation you made.

How Granite handles your Cyber Liability Insurance Policy

Granite reads your cyber policy on upload — carrier, policy number, aggregate limit, sublimits, and term — and files it with your business insurance, alongside the security questionnaire you submitted. It keeps each renewed year so a later-discovered breach maps to the right policy, and reminds you before the term lapses.

FAQ

Cyber Liability Insurance Policy: common questions

What does cyber liability insurance cover?
Cyber liability covers the fallout of a data breach or cyberattack: first-party costs like forensics, customer notification, data restoration, crisis management, and sometimes ransom payments, plus third-party liability to customers and partners whose data was exposed. Many policies also cover regulatory fines and business interruption — but check the sublimits, which often cap specific perils.

What does cyber liability insurance not cover?
Cyber policies generally exclude bodily injury and property damage (covered by general liability), losses from failing to maintain the security controls you attested to, and known but unpatched vulnerabilities. Many also carve out war or state-sponsored attacks. Insurers often verify your controls only after a claim, so an unmaintained control can trigger a denial at the worst moment.

What are sublimits on a cyber policy?
Sublimits are lower caps on specific perils within a cyber policy. Even if your aggregate limit is $1M, ransomware or social-engineering fraud might be capped at $100K or $250K. These sublimits are where real exposure hides, so read them carefully — the headline limit rarely tells the whole story.

Why do cyber policies require security controls?
Insurers increasingly require controls like multi-factor authentication and tested backups as a condition of coverage, and they price policies based on the controls you represent at application. If you fail to maintain a control you attested to, the insurer can deny a claim. That's why keeping both the policy and the questionnaire you submitted matters.

How long should I keep cyber insurance policies?
Keep each policy at least six years past its term, along with the security questionnaire you submitted. Breaches are often discovered long after they begin, and a claim depends on which policy was in force and whether your representations about security controls were accurate.

Keep your Cyber Liability Insurance Policy in one place.

Drop it in once. Granite reads it, files it, and makes it findable forever — by you today, and by the people who'll need it later.