Your Cyber Cheat Sheet

A glossary of terms for all things you need to know about cyber insurance.

 Backups A copy of data that can be restored in the event of data loss (from a malicious attack or software/hardware malfunction). More on implementing a backup strategy. 
Breach Response Services 

Costs in response to an actual or suspected Data Breach or Security Breach; Includes:

  • Legal Services 
  • Forensics
  • PCI Forensics
  • Notification Costs
  • Credit Monitoring
  • Call Center Coordination
  • Public Relations
  • Crisis Management
Business Email Compromise  In the most common type of social engineering attack, malicious actors scout for a vulnerability within your client’s system, which they exploit to dupe employees into moving money into a fake account.
Business Interruption  Insurance coverage that pays the loss of income and extra expenses resulting from a network security event. More on business interruption.
Bricking/Bricking Coverage  Hardware that is no longer functional due to malware.Bricking Coverage insures the costs to replace the impacted computer systems. 
Contingent Business Interruption  Coverage for insured losses stemming from business interruption caused by interrupted or degraded service from a third-party service provider. More on Contingent BI.
Credit Monitoring  A service provided by credit card companies, banks, credit reporting agencies, and other third-party companies to monitor your credit reports for any changes that could adversely impact the customer’s credit score and potentially indicate identity theft. There is an annual cost for this service.
Crisis Management  Coverage for public relations expenses or expenses relating to minimizing the damages associated with a claim under the policy; damages of reputation or actual economic damages.
Cyber Extortion  A crime in which an individual demands payment to prevent the threat of or stop an attack on an organization’s computer network or website.
Data Breach The occurrence of disclosure of confidential information, access to confidential information, destruction of data assets, or abusive use of a private IT environment. Generally, a data breach results in internal data being made accessible to external entities without authorization.
Data Loss History

Data Loss History is exactly what it sounds like—it summarizes how much data an individual or organization has lost over time through “data loss events.” A company with a significant number or consistent patterns of data loss likely do not have the right security measures in place.

Defensibility How hard is it to defend a company’s infrastructure? It all depends on the complexity. Defensibility is a rating determined by measuring the number of internet-facing systems a company has, and how many different hosting providers those systems use. Having fewer internet-facing systems, and fewer different hosting providers, means it’s easier to defend. You may see terms like “surface area” or “footprint” to describe this concept of how much there is to defend.
Denial of Service/Distributed Denial of Service (DOS/DDOS)

Denial of Service, or DOS, is a cyber attack wherein a user’s computer network access is interrupted by an already compromised system. A Distributed Denial of Service attack tends to attack something that would interrupt multiple users’ access, such as a server or network resource.

DNS Security

DNS stands for domain name system. This is what translates a company’s human-readable domain name ( to a machine-readable IP address ( A company’s DNSrecords can be hijacked resulting in visitors to the company URL being redirected to a hacker’s site. DNS Security checks out the controls that a company is using to protect their domain, and if those controls are sufficient to keep it secure.

Email Security  Email security measures whether, and how well, a company is following best practices in securing email servers and software. For instance, email authentication ensures that when someone attempts to send an email from the company’s address, the email is flagged. Encryption for email works like it does for the web. There are several components that are measured. 

The method of protecting text, data, or other communications from those who should not have access to it. Those who do not have the password or key needed will not be able to make sense of an encrypted file, and the file will appear as gibberish. More on data encryption here.

End-of-Life Software  End-of-life Software is simply a software program or service that is no longer updated and/or supported by its producer. This software lifecycle stage often also means that there will be no future security updates or patches, leaving the software and its underlying services vulnerable to breach as cyber attackers become more sophisticated. 
Endpoint Detection Response (EDR)
An integrated endpoint security solution that combines real-time continuous monitoring and collection of endpoint data with rules-based automated response and analysis capabilities. More on EDR.
First Party Liability  First party liability is coverage for a loss you incur as a result of a covered peril.
Forensics  Scientific tests or techniques used to detect a crime. In this context, this includes the extraction or gathering of data from a computer or network to determine whether there was an intrusion, how it occurred, when it occurred, who the intruder was, and what information they accessed.
Governance  This measures two factors: How much government regulation a company’s industry is subject to, and how likely their customers are to demand proper security protocols. For example, a commercial bank would score high on both accounts; a community church would score low.

An individual who gains unauthorized access to computer systems, whether for benign or malevolent purposes. Typically, hackers look for data to steal or damage.

Incident Response (IR) The steps taken to prepare for an attack, mitigate the damage, and respond accordingly to prevent adverse events in the future. More on incident response. 
Malicious code 

Also known as malware. A general term used to refer to any kind of software that causes damages to a computer or network, including viruses, worms, Trojan horses, etc.

Malware An abbreviation for “malicious software,” designed to gain unauthorized access to a computer system and cause damage. 
Media/Personal Injury Coverage

Coverage for libel, slander, disparagement of individuals and/or businesses, false arrest, etc.

Multi-factor Authentication (MFA)
An authentication method that requires the user to provide two or more credentials in order to gain access to an account. More on MFA.

Two or more computers connected to each other to enable sharing of files and information between them.

Notification Costs

Costs associated with notifying individuals whose privacy has been breached. Governed by state law. Also called privacy notification costs.

Personally Identifiable Information (PII)

Unique information that establishes an individual identity such as date of birth, social security or national identification number. This includes Personal Financial Information ( PFI ) Unique financial information about an individual or entity such as income, credit history, account information, and financial transaction information.

PCI Compliance

PCI stands for Payment Card Industry and is used as shorthand for a set of requirements, officially called the Payment Card Industry Data Security Standard, to ensure that all companies that process, store, or transmit credit card information maintain a secure environment.

Phishing/Spear phishing

A technique used by hackers to trick users into giving up personal or sensitive information, often through email. Some phishers will use spear phishing, where they mimic a trusted source or sender in order to coax their victim into a false sense of security and give up their data.


Malicious software that locks a company out of accessing its own data, keeping it hostage. Hackers demand a payment in return for releasing the data.

Security Breach

A general term used to indicate when a computer system has been infiltrated by an individual without access (or beyond approved access). This security breach may result in disclosure of private or confidential information, but it also may not.

Social Engineering

The use of deception to manipulate individuals into giving up money or confidential information. More on social engineering.

Software Patching

Patches are small updates to software to fix bugs, address security vulnerabilities, or add new features in between larger software “releases” or updates. When software nears the end of its life, the software vendor may cease issuing new software patches, and any company still running the software beyond that point may be vulnerable to attack. This measure searches for out of date software across a company’s IT infrastructure.

System Hosting

System hosting analyzes exactly how a company hosts its online presence, including which hosting providers are used and the countries where hosting is located. Data privacy laws in those countries may be a factor.

Third Party Liability 

Third party liability coverage addresses issues when, you as an entity, cause damage to another person or entity. In this context it would be financial harm to a third party.

Third Party Outsourcers 

Companies that maintain confidential information for other companies, electronically or physically, including disposal companies like Iron Mountain.

 Threat Intelligence

It’s possible that IT assets owned by the company have been hijacked and used to send spam or perform other malicious activity -- without the knowledge of the company who owns it. Threat Intelligence checks the list of IT assets owned by the company against feeds internet intelligence that report on malicious behavior to see if any of the assets have been compromised.


A program or piece of malicious code that replicates itself causing serious damage to a computer or network in a seemingly infinite variety of ways, including erasing files, rendering the files or computer inoperable. New viruses are identified daily.

Web Applications 

Web application is a technical umbrella term for websites of all types. In this context it refers to your client’s main customer-facing web presence and/or employee web portal. Ensuring the security of a company’s web applications is critical, especially if employees or customers are using the site to conduct business or log in with a password. Basic web app security tests include testing for HTTP security settings configured to prevent users from injecting malicious code into your application or database, using your website to hijack clicks to malicious websites, or sending malicious code to users of your site.

Web Encryption

Data is constantly flowing between end users’ devices and the various servers in a company’s IT infrastructure. With encryption, that data is transformed into a scrambled, unrecognizable format while in transit, which helps make it less useful to hackers if they were to get their hands on it. This measures not just whether encryption is used, but how strong it is - meaning how hard it would be for hackers to crack the code.


A software vulnerability that is unknown by the vendor and does not have an official update or patch available yet. These are either discovered by researchers or by threat actors who exploit the vulnerability.