A zero-day exploit is a cyberattack that leverages previously unknown vulnerabilities for which no patches exist, giving defenders "zero days" to prepare before the attack occurs. The term "zero-day" can refer to the vulnerability itself (zero-day vulnerability) or the attack exploiting it (zero-day exploit). These sophisticated attacks are typically covered by cyber insurance policies, since organisations cannot reasonably be expected to defend against unknown vulnerabilities—distinguishing them from failures to patch known weaknesses. Zero-day exploits often feature in advanced persistent threats and nation-state attacks, resulting in significantly higher incident response costs due to their complexity, the absence of established remediation procedures, and the need for custom forensic analysis. However, if attribution points to state-sponsored actors, zero-day attacks may trigger acts of war or hostile acts exclusions in some policies, potentially limiting or eliminating coverage despite the organisation's lack of negligence.

A zero-day exploit is a cyberattack that leverages previously unknown vulnerabilities for which no patches exist, giving defenders "zero days" to prepare before the attack occurs. The term "zero-day" can refer to the vulnerability itself (zero-day vulnerability) or the attack exploiting it (zero-day exploit). These sophisticated attacks are typically covered by cyber insurance policies, since organisations cannot reasonably be expected to defend against unknown vulnerabilities—distinguishing them from failures to patch known weaknesses. Zero-day exploits often feature in advanced persistent threats and nation-state attacks, resulting in significantly higher incident response costs due to their complexity, the absence of established remediation procedures, and the need for custom forensic analysis. However, if attribution points to state-sponsored actors, zero-day attacks may trigger acts of war or hostile acts exclusions in some policies, potentially limiting or eliminating coverage despite the organisation's lack of negligence.