Insurance is everywhere in our personal and professional lives—from liability insurance to pet insurance. Recently, a new type of insurance has entered our lexicon—cyber insurance. Cyber events are increasingly common, and companies are obtaining insurance to protect them.

In several recent cases, companies with cyber insurance discovered that provisions in these policies led their insurers to limit coverage. Courts have been strictly construing cyber policies, and have found that the coverage provided is narrow. These decisions hinged upon whether an event constituted a covered “direct” loss and whether intervening actions precluded coverage, like an employee responding to fraudulent communications.