Image by Bill Oxford

How Does Cyber Insurance Work?

Understanding your coverage, when to activate your policy, and the process that follows.



Protecting your business from cyber risk is critical to ensuring optimal, ongoing performance and limiting losses in the event of a crisis.


A cyber insurance policy can act as a risk transfer tool, covering the costs associated with recovery following a cyber-related security breach. When considering a cyber insurance policy, it is important to understand the following:


  • What specific costs are covered by a cyber insurance policy?

  • Once I purchase a cyber insurance policy, when should I use it?

  • What happens when I activate my cyber insurance policy? 


Here, we explore the above questions to provide you with key insights on cyber insurance and policy activation. 

What costs should be covered by a cyber insurance policy?


With many considerations to keep in mind, it is crucial to work with your broker to understand your cyber insurance policy. They can help you assess what is covered under each policy when choosing between insurers. 


While your management liability or professional indemnity policy may include elements of cyber coverage as part of a ‘cyber extension’, they are not designed to cover the full spectrum of cyber risks and do not offer the same quality or range of coverage provided by standalone cyber insurance policies. Cyber extensions normally offer lower limits of coverage and compensation for a more limited variety of claims. 


Pandamatics Underwriting advises all organisations to purchase a comprehensive, standalone cyber insurance policy designed to cover the full range of cyber risk. 


At the bare minimum, standalone cyber policies should cover the following:

​1. First-Party Coverage

  • Incident response and investigation fees

  • Digital forensics expenses

  • Extortion and ransomware negotiation 

  • Credit monitoring and protection

  • Business interruption losses

  • Data and systems recovery and restoration 

  • Public relations costs

  • Legal representation expenses

2. Third-Party Coverage

  • Network security, privacy, and notification

  • Regulatory fines (where insurable by law)

  • Media liability

  • Transmission of damage and malicious content


In addition to loss coverage, your policy may also provide additional pre-breach cyber risk management support. For example, every Pandamatics Underwriting policyholder receives privileged and discounted access to a number of trusted cyber risk management partners, including top-tier Blackpanda digital forensics and incident response as well as SentinelOne, Blackpanda’s preferred endpoint detection, and response (EDR) platform. 


In addition to serving as the cyber incident response team for all policy activations, Blackpanda experts also offer pre-breach consulting and advisory services to reduce your cyber risk. Blackpanda experts also support the deployment of the SentinelOne platform to aid in threat monitoring, prevention, and active threat hunting in the event of a breach.


By proactively building a trusted relationship with your cyber incident response team and technologies early, we ensure everything is in place to make future response fast, smooth, and professional, limiting damage and getting your business back on its feet as soon as possible.


When should I activate my cyber insurance policy?


When data is compromised, every minute counts. 


In the event of a fire or a suspected gas leak, you would immediately call the fire department. By that same thread, if your organization has suffered a cyber attack or suspects a breach, reach out to your breach response line for immediate triage, as stipulated by your insurance provider.


Incident response specialists with their highly technical expertise are trained to look for specialized indicators of compromise that might not be known to internal IT teams. Activating your cyber insurance policy as soon as you suspect a breach saves you time and money in the long run, protecting you from the potentially catastrophic aftermath of a cyber attack at worst, or simply providing you with an opportunity to better understand threats and improve your security posture. 


Who do I contact to activate my cyber insurance policy?


In the event of a cyber attack, you will typically engage your breach coach or cyber insurance provider who will then activate responders on the panel that are best suited to respond to your needs and remediate the breach. Your Point of Contact (POC) will be clearly stated in your policy coverage documents. 


At Pandamatics Underwriting, we focus on faster and more efficient response by enabling policyholders to directly contact Blackpanda digital forensics and incident response specialists in the event of a suspected incident. Our response-first model removes unnecessary barriers to activation and allows for immediate incident triage. 


In the event of a crisis, you might find yourself rushing to solve the situation by whatever means, which may lead you to seek help from unapproved third-party incident response services. It is important that you do not do so and instead stick to the trusted providers that have been pre-approved by your insurer, as this ensures optimum coverage and minimum out-of-pocket costs. 


Having a cyber insurance policy guarantees response from a designated and reputable incident response firm. All you have to do is activate your policy and trust the experts to do their job.


What happens when I activate my cyber insurance policy?


While each insurer varies in their process slightly, in most cases an approved incident response firm will perform initial triage and relay to the breach coach the extent of the breach and mitigating actions taken. Your breach coach will engage with the insurer and determine what further action is required including whether other members of the response panel (legal, public relations, or otherwise) should be engaged. 


On activation of a Pandamatics Underwriting policy, we work closely with Blackpanda, our partner breach coach (either Crawford & Co. or Charles Taylor Adjusting), as well as our world-class response panel of legal experts, PR consultants, and other relevant specialists to ensure you recover as quickly and efficiently as possible following an incident. We also coordinate with your broker to aid in an efficient and hassle-free claims process. As for response fees, all insured costs are automatically picked up by the insurer after any applicable excess has been paid.


With the right guidance from an experienced broker, purchasing a cyber insurance policy that suits your needs can be a seamless process.


For more information about Pandamatics Underwriting policy coverage, response panel, and value-add services and technologies, please visit our Policy Coverage page.


If you have any further questions at all, please contact us at or fill out the contact form.