Unauthorised access refers to access to computer systems or data without permission, serving as the foundational trigger for most cyber insurance claims. This includes hacking, stolen credentials, employee misuse, and exploitation of system vulnerabilities. Insurance policies define unauthorised access specifically - some require evidence of forced entry or bypassed security controls, while others may exclude incidents from authorised users exceeding their permissions. This distinction matters because an employee accidentally accessing restricted data might not trigger coverage, while an external hacker using the same data would. Common examples include breaches through phishing attacks, credential stuffing (using stolen passwords), or exploiting unpatched vulnerabilities. The policy definition must align with actual security risks - if insider threats are a concern, ensure the policy covers unauthorised access by employees. Clear understanding of how the policy defines this term prevents coverage gaps when incidents occur.
.webp)
.svg)
