What is

Vulnerability

A weakness in systems, applications, processes, or configurations that could be exploited to compromise security.

Vulnerability

in more detail

A vulnerability is a weakness in systems, applications, processes, or configurations that could be exploited to compromise security. For cyber insurance purposes, known vulnerabilities must be patched within reasonable timeframes based on their severity, or insurers may deny coverage for resulting incidents, citing failure to maintain adequate security. Zero-day vulnerabilities (unknown to vendors without available patches) generally don't affect coverage as they're beyond reasonable control. Proper vulnerability management—including regular scanning, prioritised patching, and compensating controls—demonstrates the reasonable security measures insurers require. Critically, failure to address known vulnerabilities may void coverage even for unrelated incidents, as it suggests broader security negligence.

RELATED TERM

Trigger Event

System Failure

Transaction Fraud

Supply Chain Attack

Social Engineering

Silent Cyber

Phishing

Service Degradation

Resilience Measures

Security Event

Security Awareness Training

Privacy Impact Assessment (PIA)

Mean Time to Recovery (MTTR)

Notification Failure

Operational Disruption

Multi-Factor Authentication (MFA)

Malware Propagation

Infrastructure Failure

Identity Theft

External Threat

Incident Response Plan

Governance Failure

Ethical Hacking

Email Compromise

Encryption Failure

Disaster Recovery

Electronic Data

Digital Forensics

Dependent Service Interruption

Data Theft

Denial of Service (DoS)

Data Subject Access Request (DSAR)

Data Retention Period

Data Retention Failure

Data Integrity Loss

Cyber War / Acts of War Exclusion

Cyber Theft

Cyber Extortion Demand

Credential Stuffing

Breach Coach

Botnetting

Business Email Compromise (BEC)

Cyber Event

Application Outage

Malware

Business Continuity Plan

Bodily Injury

Access Control Failure

Account Takeover

Zero Trust

Zero-Day Exploit

Unauthorised Modification

Unauthorised Access

Third-Party Dependency

Service Interruption

Third-Party Liability

Security Breach

Recovery Time Objective (RTO)

Ransomware

Qualified Incident Response Firm

Outsourced Service

Known Threat Actor

Hacker

Host System

Approved Provider / Panel Vendor

Direct Financial Loss

Incident Response

Mandatory Ransomware Payment Reporting laws

Cyber Extortion

Cryptojacking

Eligible Data Breach

Notifiable Data Breaches (NDB) scheme

Data Breach

ALL CATEGORY

Tradies

Cyber

Generic

Vulnerability

|

Cyber

RELATED TERM

ALL CATEGORY

Navigation

Insurance

Other Links