Cyber insurance refusals: what insurers are not telling you

3rd Dec 2025

Author: Asim Din

You suffer a cyber attack, you notify your insurer and you expect your cyber policy to respond. Instead, you receive a long letter explaining why the claim is declined or severely reduced.

We are seeing this more often. Insurers are taking a tougher line on cyber insurance claims, particularly for small and medium-sized businesses and professional practices. Late notification, alleged gaps in security and narrow policy wording are all being used to challenge payment.

Asim Din, Partner in the Commercial Dispute Resolution Team at Butcher & Barlow, looks at why refusals are rising, where businesses are most exposed and what practical steps you can take to improve your chances of a successful outcome.

Cyber incidents are surging – and SMEs are in the firing line

Cyber crime is no longer a concern reserved for large corporates. Many SMEs have experienced at least one cyber attack in the last 12 months, often beginning with phishing emails. Ransomware incidents continue to increase, yet many businesses still have limited cyber cover, or policies that do not reflect how their systems and suppliers actually work.

Claims volumes and payouts are rising, regulators are watching closely and underwriters are narrowing the terms on which they will offer cover. The result is a much tougher environment for policyholders when a cyber insurance claim is made.

Why are more cyber insurance claims being rejected?

When a cyber insurance claim is turned down, the reasons often fall into a few recurring themes.

1. Late or unclear notification

Most cyber policies require you to notify the insurer “as soon as possible” or within a set time frame after discovering an incident. Problems typically arise when the business waits to see how serious the issue is before saying anything, when the IT team tries to fix the problem first and only involves the insurer later, or when the incident is reported in very broad or uncertain terms.

In these situations, the insurer may argue that late or unclear notification has prejudiced its position, which can be enough to refuse all or part of the claim.

2. Alleged failures in IT security or compliance

Proposal forms and questionnaires often ask detailed questions about security controls, backups and staff training. If the insurer considers that the reality on the ground did not match the description in the proposal, it may allege misrepresentation or non-compliance with policy conditions and seek to avoid or reduce cover.

3. Narrow policy wording and exclusions

Cyber policies vary widely, and disputes often arise over whether a system or supplier sits within the insured “network”, whether the loss arose from a “network security failure” or human error, how exclusions for fraudulent instructions or social engineering apply and how limits for business interruption or data restoration are interpreted. Where wording is narrow, the insurer may argue that the incident does not fall within the defined scope of cover, even where the impact on the business is very clear.

How insurers are approaching cyber claims now

Across the market, several trends are emerging in the way cyber insurance claims are handled:

  • More “reservation of rights” letters, where insurers say they are investigating the claim without confirming that cover is in place.
  • Heavier reliance on forensic IT, with technical reports used to analyse causation and timing in great detail.
  • Stricter interpretation of questionnaires and policy conditions, sometimes months or years after they were completed.
  • Closer analysis of loss, with detailed evidence of downtime, lost revenue and additional costs required, and assumptions challenged where records are incomplete.

This more challenging environment makes preparation, documentation and early advice critical.

Practical steps to strengthen your position

There is a great deal that businesses can do, both before and after an incident, to improve cyber claim outcomes.

Before an incident

  • Align security controls with policy requirements
    Map your actual controls against what is stated in the proposal form and policy. Where there are gaps, either close them or agree revised wording with your broker.
  • Document what you do in practice
    Keep clear records of backups, patching cycles, security training and incident response exercises. These can prove vital if an insurer questions your cyber hygiene.
  • Review wording annually with a specialist broker
    Check how your operations, suppliers and systems have changed. Make sure that definitions of “network”, “systems”, “suppliers” and “business interruption” still reflect reality.
  • Know your notification triggers
    Build the policy wording, key contacts and reporting requirements into your incident response plan so that notification is not overlooked in the heat of the moment.

After an incident

  • Notify the insurer promptly, even if not all the details are clear.
  • Preserve emails, logs and system records that may later be needed as evidence.
  • Keep a simple decision log, recording key steps and why they were taken.
  • Involve your broker and legal advisers at an early stage if you sense that cover may be questioned.

These practical steps do not remove the risk of a dispute, but they put you in a stronger position if the claim is challenged.

How Butcher & Barlow can support you

Butcher & Barlow does not operate your IT systems and does not sell insurance. Our role is different. We help you understand the policy, protect your position and respond effectively if your cyber insurance claim is limited or refused.

We regularly assist clients by:

  • Reviewing policy wording in the event of a dispute to identify gaps or grey areas that may cause issues.
  • Guiding businesses through live claims, including correspondence with insurers and their advisers.
  • Advising on challenges to refusals, whether through the insurer’s complaints process, the Financial Ombudsman Service for eligible businesses or court proceedings in higher value cases.

Our aim is to work with you to ease the burden of dealing with a disputed claim and help you reach the fairest possible outcome.

Cyber incidents are now a routine business risk. Disputed cyber insurance claims are becoming just as common. If you are facing a refusal, or you would like to review your current cyber cover and claims strategy, the Commercial Dispute Resolution Team at Butcher & Barlow is ready to help.


The information in this article was correct at the time of publication. The information is for general guidance only. Laws and regulations may change, and the applicability of legal principles can vary based on individual circumstances. Therefore, this content should not be construed as legal advice. We recommend that you consult with a qualified legal professional to obtain advice tailored to your specific situation. For personalised guidance, please contact us directly.

 

 
