Cyber insurance helps organizations survive ransomware and data breaches, but new exclusions, stricter security requirements, and nation‑state threats mean your next big attack may not be covered.

• To even qualify or renew, customers are being pushed to redesign backup and storage. Underwriters now expect immutable, logically or physically separated backups, independent credentials, and network segmentation.

• In real‑world breach case studies, policies often covered incident response, legal, and recovery costs, but only when they could prove they had met pre‑breach security obligations and followed insurer‑approved playbooks.

• Insurers are increasingly excluding “war‑like” and state‑sponsored operations: Lloyd’s now requires syndicates to carve nation‑state attacks out of standalone cyber policies, and many U.S. policies quietly added similar language.