Often called the “wild west,” the cyber insurance marketplace offers a wide variety of policy forms that vary drastically in the scope of coverage provided.  This is further compounded by the relatively small amount of case law analyzing cyber policies and the quickly-evolving cyber risks that companies face.  Insurers are quick to deny coverage based on the many exclusions in cyber policies, often leaving policyholders with the option of either spending money to fight their insurer in court or accepting the carrier’s denial.  If your company is insured by a cyber policy (or, for that matter, any type of an insurance policy), you should carefully review the policy, understand its exclusions, and, where possible, take steps to implement practices and procedures to ensure that your company’s activities do not fall within the enumerated exclusions.  Cyber insurers are often willing to modify exclusions in cyber policies to carve back certain coverages, but only when asked to do so.  Analyzing the policy and negotiating with the carrier on the front end, before a claim occurs, can save your company both time and money on the back end if a claim arises.  Below, we discuss some of the more frequently-invoked cyber policy exclusions that carriers use to deny coverage.