What Does Cyber Insurance Cover in New Zealand?
Cyber insurance policies can seem complex — but at their core, they protect your business against two types of loss: what happens to you (first-party cover) and claims made against you by others (third-party liability).
First-Party Cover: Your Own Business Costs
When your business suffers a cyber attack, the costs start mounting immediately. First-party cover pays for:
- IT forensic investigation — specialist cyber investigators determine how the attack happened and what was affected
- Data breach notification — costs to notify affected customers and employees under the Privacy Act 2020
- Ransomware extortion payments — subject to legal guidance and insurer approval
- Business interruption — lost revenue when your systems are down
- System restoration — rebuilding or restoring compromised systems and data
- Crisis communications and PR — managing your reputation during and after an incident
- Legal advice — guidance on obligations under the Privacy Act 2020 and other regulations
Third-Party Liability Cover: Claims Against Your Business
If a cyber attack exposes your customers' data, they may make claims against your business. Third-party liability cover includes:
- Privacy liability — defence and settlement costs for claims by affected individuals
- Network security liability — if your systems are used to attack another business
- Regulatory investigations — defence against Privacy Commissioner investigations and proceedings
- Media liability — for content-related cyber claims
What's Typically NOT Covered
It's equally important to understand exclusions. Most cyber policies do not cover:
- War, terrorism and nation-state attacks (some policies are broadening this)
- Bodily injury or physical property damage
- Intentional or fraudulent acts by the policyholder
- Pre-existing incidents known before the policy started
- Unencrypted data on lost or stolen devices (without appropriate security controls)
Key Questions to Ask Your Broker
When reviewing a cyber insurance policy, always ask:
- Is ransomware extortion cover included, and what is the sub-limit?
- Is social engineering / business email compromise (BEC) included or excluded?
- What is the business interruption waiting period?
- What incident response services are included?
- Are regulatory fines and penalties covered (where legally insurable)?
The CyberCover team are licensed NZ insurance advisors who can walk you through any policy in plain English before you commit. Get in touch for a no-obligation review.
About the Author
CyberCover Team — the CyberCover crew are self-confessed insurance geeks on a mission to make cyber cover simple, accessible and jargon-free for businesses of every size.