<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=1354242&amp;fmt=gif">

Talk the Talk: Cyber Insurance Terminology Guide

Talk our talk, then walk the walk. For even the savviest agents, business insurance can be complicated. Add in the fast-paced, frequently evolving risks of cyber, and you’ve got a recipe full of tech-oriented terms that aren’t always forgiving to beginners, policyholders, or even seasoned pros. 

We’re going to clear the air around all those abbreviated terms (looking at you, EDR, MFA, BEC, and DDoS) plus plenty more. Join us as we review cybersecurity, threat actors, and data breaches to understand what makes up policy terminology and beyond. 📱For those of you on mobile: turn your phone sideways for best reading experience!

Let's take a look at some common cyber terms to see what they mean, what they don't, and why it matters:



Business Interruption (BI)

Insurance coverage that pays the loss of income and extra expenses resulting from a network security event.

Your term of endearment for your child (canine or human) when WFH.

BI Coverage — like cyber as a whole — is constantly changing. Understanding what it covers (and what it doesn’t) can save you or your client trouble. Watch for long waiting periods. These hold a company responsible for a specified period of system downtime before insurance starts paying out.

Incident Response

The steps taken to prepare for an attack, mitigate the damage, and respond accordingly to prevent adverse events in the future.

Alternative career title for the mob if Waste Management is taken.

The fire drills of the cybersecurity world — a necessary plan that every organization should have in the event of disaster. Following an Incident Response Plan (IRP) secures that an organization knows how to contain and recover from a threat. Some questions you’ll need to cover in your IRP: When will you contact your cyber insurer, who is in charge of what, and how will you work with vendors in the event of a breach?

Social Engineering

The use of deception to manipulate individuals into giving up money or confidential information.

Happy hour in Silicon Valley.

70-90% of all malicious breaches are due to social engineering tactics. Due to these losses, insurers frequently define social engineering coverage narrowly or implement sub-limits (leaving the majority of the responsibility on insured organizations to train employees against phishing attempts). 

Policy language isn’t universal. Other terms to watch for: financial fraud loss, unwitting data breach, business instruction fraud, wire fraud. Since there are so many forms of social engineering, an overwhelming amount of terms are often packed into one coverage agreement. Always confirm with carriers on their specific definitions for all.

Multi-factor Authentication (MFA)

An authentication method that requires the user to provide two or more credentials to gain access to an account.

A college student showing their older sister’s ID with her old credit card, too.

If your cyber insurer is going to require any security measure be implemented (which they probably will!) you can bet it’ll start with MFA. As a relatively affordable option, it’s a security control with a massive bang for your buck. It helps protect against unauthorized access, data breaches, and password-based cyber-attacks.

Endpoint Detection Response (EDR)

An integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities.

How they shot down the Death Star.

Cyber attacks continue to get more sophisticated, which means Antivirus (AV) technology doesn’t cut it anymore. While original AV is useful for personal computers, it is really only effective at catching generic malware. Most businesses face more advanced risks. EDR offers “Flight Recorder” technology that tracks activity on the system before and after an alert to clearly identify what malicious activity occurred on the system (and provides the tools to isolate impacted areas). This is useful for when forensic teams are piecing together a full picture of the attack. 

Software Patching

Patches are small updates to software to fix bugs, address security vulnerabilities, or add new features in between larger software “releases” or updates.

A quilt made of the coziest sweatshirts from every startup you’ve worked for.

Patching matters. What may seem like a tedious or inconsequential chore for the IT team can be your frontline defense against threat actors targeting vulnerable organizations. For example, consider the Microsoft Exchange vulnerability discovered last year, where threat actors targeted a zero-day exploit — with a whopping 170,000 unpatched systems in the wild — leaving organizations open to ransomware attacks. Keeping your software as up-to-date as possible can protect against threat actors seeking an easy entrance to your systems.


Scientific tests or techniques used to detect a crime.

In this context, this includes the extraction or gathering of data from a computer or network to determine whether there was an intrusion, how it occurred, when it occurred, who the intruder was, and what information they accessed.

[ 🎵 Who Are You by The Who plays 🎵 ]

If an organization experiences a ransomware attack, they should expect that one of the first vendors they’ll work with is a forensics team. As data consumption experts, they’ll gather all information that is available to them to paint a picture of the attack from start to finish.

Business Email Compromise (BEC)

In the most common type of social engineering attack, malicious actors scout for a vulnerability within your client’s system, which they exploit to dupe employees into moving money into a fake account.

Getting your point across with two exclamation points instead of three.

Through targeting individuals — whether with stolen credentials or through impersonation — threat actors seek access to a business email account. This can act as a golden ticket to sway victims to believe they are working with someone they trust and typically ends with financial gain through the transfer of funds to an attacker-controlled bank account. Educating employees on telltale signs of BEC attacks (through phishing education) can be the best way to prevent cybercriminals from succeeding.

Distributed-Denial-of-Service (DDoS)

Denial-of-service attacks (DoS) are where a cybercriminal uses a single system to overwhelm their target victim’s system or network with a large amount of network traffic, preventing legitimate traffic from accessing the targeted website.

Distributed denial-of-service attacks incorporate an army of systems that coordinate an overwhelming amount of network traffic to one target.

Being banned from every stop on the bar crawl.

DDoS attacks are a popular choice for threat actors and hacktivists alike. They’re relatively easy and cheap to accomplish, as they don’t require breaching a security perimeter. While attacks can be crippling on their own, they may be used in association with a ransomware attack to overwhelm victims. A well-timed attack can stall remediation efforts and create further confusion.


[BLOG] Deep Dive - The 3 Keys to a Successful Cyber Incident Response Strategy

Recent Articles

In the Binoculars: Oliver Delvos, Head of International

Digital risks aren’t bound by traditional obstacles. Distance, language barriers, and cultural...

Finding Equity and Celebrating Strengths: A Conversation with Women Leaders at Corvus

At the office, men walk through the door with a head start. The dress codes, 9-to-5 schedules, and...

Cyberwarfare in Ukraine: One Year of Observations

What surprised us - what we learned - what we got right - and what’s next.

The fog of war is thick....