1. Home
  2. /
  3. Cyber insurance
  4. /
  5. Cyber Security and Insurance...

Cyber Security and Insurance Glossary

Apr 25, 2023

All businesses are at risk of cyberattacks. Cybersecurity insurance is fast becoming a business necessity.

Yet when we talk about cybersecurity and insurance, we tend to use a lot of specific terms, some of which may be unfamiliar to you. So we put together this essential cybersecurity and insurance glossary, to help you understand some of the risks your business might face.

Got any questions about cybersecurity? Want to discuss your cybersecurity risks? We have a team of experts on hand to help. Call us on 0208 290 9080 or email us at cyber@anthonyjones.com.

Ad Hoc Network

A computer network that does not rely on any pre-existing infrastructure, such as routers or access points – hence, “ad hoc”. Rather than using this infrastructure, all devices in the network will be configured to communicate with each other, with no central control over who can join. As a result of this lack of control, Ad Hoc networks are comparatively insecure, and are therefore unsuitable for business use.

Audit Log

A record of what individuals have been doing on your computer systems. This makes it easier for cybersecurity teams to monitor network activity, and to assess the root causes of cyberbreaches.

Brute Force Attack

A system of hacking whereby the hacker will use a program to identify a password for a system by simply cycling through every possible password.

Insurance Broker

A company or individual regulated by the Financial Conduct Authority (FCA). Insurance brokers work with a panel of insurers from across the market to find you the cover you need at the best price. Learn more about the work of insurance brokers.

Insurance Claim

When a policyholder demands payment from their insurer for an event for which they’re covered, it’s known as an insurance claim. The person making the claim is known as the claimant.

Cloud Computing

Any situation where a third-party manages the information infrastructure used by other organisations. For example, a business might store data on “the cloud” – an online storage facility owned and operated by a third-party provider.

Denial of Service or Distributed Denial of Service (DDoS) Attack

A type of cyberattack in which hackers will flood a system with connection requests. This will overwhelm the system, making it impossible for legitimate connections to get through. As a result, the whole system can crash. A Distributed Denial of Service (DDoS) attack is similar, but on a much greater scale, with hundreds of thousands of systems around the world simultaneously overwhelming a single organization’s system.

Disaster Recovery Plan (DRP)

A business continuity plan that details how your business will recover in the event of a cyberbreach, in terms of system restoration, data recovery, reputational management, and so on.

Eavesdropping Attack

When a cybercriminal gains entry to a system yet remains passive. Instead, they’ll spy on secure transmissions in order to gather useful information for a more serious attack in future. This might also be known as a Passive Attack, where a cybercriminal monitors a transmission without disrupting it.


A line of defence within your computer network. Your firewall will attempt to filter the traffic between your network and the wider internet to ensure that only authorised traffic can gain access. But in order to remain effective, firewalls need updating regularly. A chief responsibility of cybersecurity teams is to ensure that all cybersecurity systems, from firewalls to antivirus software, receive regular updates.

Indemnity Insurance

In insurance contracts, indemnity is the principle that an individual or an organisation that suffers a loss should, as much as is possible, be restored to the same financial position they were in immediately prior to the loss.

IT Security Policy

A set of policies and procedures governing how people use the IT systems in your business. An IT Security Policy might set rules for password security and sharing, two-step authentication, and policies for storing data and taking devices off business premises.


A cyberattack that aims to bring down Wi-Fi networks through clogging them with transmissions that are on the same radio frequency.


The state of being legally obligated or responsible. For example, employee liability insurance covers employers for their legal responsibilities to their employees.

Logic Bomb

A piece of malware (see below) that will activate automatically once certain conditions are met. For example, a cybercriminal might plant some malicious code that will only become active at a certain time on a certain date. Logic Bombs might lie dormant on a system without the user realising there’s a problem, until it’s too late.


Another word for “virus” – this is a piece of malicious software (hence, malware) that cybercriminals use to exploit systems as part of their cyberattacks. For example, they might use malware to steal confidential data, or to encrypt it remotely as part of a ransomware attack (see below).

Network Resilience

A measure of how effectively your network can perform under strain. A resilient network might use multiple devices, set up so that, should one fail, the others will automatically take over.

Penetration Testing

A method for assessing your network’s security. Cybersecurity teams might use the various techniques in a hacker’s toolkit, from manual breach attempts to automated tools, in order to identify vulnerabilities in the system. Once they find these vulnerabilities, of course, they can work to secure them.


A type of cyberattack in which cybercriminals will send emails that claim to be from official bodies (such as banks and shopping sites) or from known contacts (such as a co-worker or a manager). These emails might request the recipient sends some sensitive information, such as a login or bank details. Or they may simply request the recipient clicks a link, which could install malware on their device and leave the entire system vulnerable to subsequent breaches.

Insurance Policy

The wording of an insurance contract, outlining who is covered, what they’re covered for, and how much they’re covered for. Any individual insured under an insurance contract is known as a policyholder.

Insurance Premium

The amount a policyholder must pay for their insurance cover.


A type of cyberattack in which a cybercriminal will remotely lock your computer, and keep it locked until you send them money – a ransom payment. If you don’t pay the ransom, you’ll either lose access to your data or the cybercriminal will make your data public, meaning you’ll then have to deal with all the financial, reputational, and regulatory damages that follow a data breach.

Sensitive Information

Any data that you want to keep confidential. Examples might include logins, bank details, customer information, payroll information, and so on.


A form of phishing that relies on text messages (SMS – hence, smishing) instead of emails.

Third Party

Anyone involved in a claim beyond the insured or their insurer who has suffered a loss. Some insurance policies specify third party liability – the legal obligations that the insured has to a third party.

Threat Analysis

A thorough audit of all the treats your business currently faces, online and offline. Did you know, for instance, that cybercriminals are more likely to target smaller businesses over larger businesses?

Trojan Horse

Malware that hides inside a seemingly innocent program.


Another word for “malware” – the two terms are basically interchangeable.


A form of malware, or a computer virus, that can replicate itself to spread to other devices across your network.

Zero Day Attack

This is essentially a term for a “new” form of cyberattack, whereby cybercriminals exploit vulnerabilities that were previously unknown to software or antivirus developers. Businesses need robust cybersecurity policies because cybercriminals are constantly looking for new vulnerabilities to attack – what works to keep your systems safe today will not necessarily work tomorrow.

Protect Your Business From Cybercrime

No business is entirely safe from cybercrime. Understanding the risks you face is the first step to managing these risks.

Yet in the event of a data breach, cyber insurance will cover your business’s liability as well as your ability to manage the impact on both your systems and finances.

If you have any questions about business insurance, or if you want to discuss your cyber insurance needs, we have a team of experts ready to help. Call us on 0208 290 9080 or email us at cyber@anthonyjones.com.

Get a Quote

You can call us during normal office hours, Monday to Friday, 9am to 5pm. Outside of office hours you can either email us or leave an answerphone message and we promise to get back to you the next working day.

General enquiries:
020 8290 4560

Sign up for news

* indicates required