The 60-second version
Cyber policy covers ransomware, data breach notification, and business interruption — critical for founders with US/EU clients. I match retro date, declare cloud stack, and keep IR plan for insurer panel.
GDPR client contract may mandate cyber limit — Indian policy must match
Returning founders serving EU/US clients face contractual cyber minimums — standalone cyber policy fills gap left by general liability.
First-party cover pays ransom negotiation, forensic, and business interruption; third-party pays client notification and regulatory fines where insurable.
Insurer requires MFA, backup policy, and patch cadence declaration — false answers void claims.
PI overlap: professional indemnity guide.
Cyber cover modules
| Module | Pays for | Typical cap |
|---|---|---|
| First-party BI | Downtime revenue | ₹25L–₹5Cr |
| Ransomware | Extortion + restore | Sub-limit of BI |
| Forensic | Investigator fees | ₹5L–₹50L |
| Third-party liability | Client claims | ₹1Cr–₹10Cr |
| PCI-DSS fines | Card data breach | Policy-specific |
Cyber policy sequence
Risk questionnaire
Cloud, MFA, backups, endpoints.
Match contract
Client MSAs cyber minimum SI.
Bind policy
Annual premium on turnover.
IR playbook
Insurer hotline + CERT-In template.
Annual retest
Update questionnaire on stack change.
Incident flow
Cyber policy kit
- MFA proof.
- Backup log.
- Policy schedule.
- IR contact card.
- Client MSA cyber clause.
Need help with Move Planning?
Share your blocker in one line. Our experts will reply with practical next steps.
Personal laptop
Employee devices handling client PII must be in scope — declare WFH policy.
Quick visual
Animated decision map

Community signal
What to watch in real discussions
Search community threads for the exact phrase, then treat repeated complaints as risk signals rather than official advice.
Open nofollow community search ->Interactive checkpoint
Turn this guide into a decision file
0 of 4 checked
Solo freelancer?
SME cyber policies from ₹15k premium — turnover-based.
AWS shared responsibility?
You insure config errors — not AWS infra outage.
DPDP Act fines?
Check if regulatory fines insurable under policy wording.
US client arbitration?
Third-party cover includes defence costs abroad.
Social engineering?
Often sub-limited — buy explicit phishing rider.
With D&O?
Different triggers — cyber for IT events, D&O for board acts.
The plan is only as good as the sequence.
Tax, banking, schools, shipping — they all have dependencies. A wrong order costs months and lakhs. Get it right.