The Future of Cyber Coverage? Policies That Evolve Faster Than the Threats 

In the world of cybercrime, change is the only constant. As threat actors become more and more sophisticated in their attacks, an organization’s coverage has to similarly keep pace. After all, policies that may have protected a company 10 years ago are comparatively archaic in today’s landscape – and relying on outdated cyber coverage could put a company at risk, considering how quickly digital risks are evolving.

Having a cyber insurance policy that keeps up with both market trends and threat actors’ approaches is a surefire way of keeping businesses secure in the months and years to come. That’s where BOXX Insurance comes in. Their dual approach, a blend of human expertise and ongoing product transformation, means that customers enjoy the peace of mind that whatever attacks are out there, BOXX has them covered.

NextGen Cyber: Coverage that keeps up

And, as part of their commitment to product evolution, BOXX recently added two new policy endorsements within their commercial cyber offering, Cyberboxx® Business;

First Party Each and Every Loss 

a. First party insuring agreement limits are reinstated after each cyber incident with no aggregate.

b. For the Financial Crime and Fraud Insuring Agreements, we will pay four times the amount of the aggregate. Assuming four limit losses, this is giving the insured up to a $250K/$1M limit for Financial Crime and Fraud.

Outsourced Provider Amendatory 

a. Affirms coverage for providers beyond tech service providers and business services to also include product suppliers; coverage for contingent business interruption (CBI) is for the full supply chain.

Speaking to Insurance Business, Erik Tifft, Head of Products at BOXX Insurance, revealed that these new endorsements are reflective of BOXX’s commitment to having the best all-in-one cyber insurance and protection coverage.

“First Party Each and Every Loss means that when you have a first-party cyber incident on our form, we’ll reinstate the aggregate limits each time you have a loss,” added Tifft. “If you have a $1 million limit, the next day after we pay the million dollars – you now have another million dollars available for a new incident.”

The inspiration behind this new policy was born out of market misconceptions – namely that insurers don’t necessarily provide coverage when there’s a claim.

“A policyholder might have a cyber incident early in a policy period and have a separate cyber incident later on in the policy period. Each separate cyber incident now has a full aggregate limit available to support the policyholder. Our goal is to provide complete cyber coverage.”

And, in regards to their Outsourced Provider Amendatory, the gist of this update was to expand that from covering a service provider who the insured depends upon to someone providing services or products.

“The reality is we have insureds that are maybe not as service dependent but might have supply chain issues if there’s a cyberattack,” added Tifft. “[Essentially] it’s business interruption coverage. At BOXX, we want to make sure that if there’s a claim, our insureds are protected. We saw some room to improve our product language and ensure that if a product being delivered to our insured was impacted, our insured is protected for their loss of business income.”

Constantly evolving threats in cyber

And this added layer of protection can’t come soon enough. According to data from Microsoft, there’s 600 million cyberattacks per day, with 54 people falling victim every second. And for businesses, almost six in 10 have suffered a ransomware attack in 2025 alone. In the face of such data, organizations need to level-up.

“At BOXX, we understand that insurance is a tool for risk management strategy,” added Phil Baker, BOXX’s Chief Underwriting Officer. “It’s not just about insurance, risk management here is critical because digital risks are evolving at a fast pace.”

During his career in insurance, Baker has worked across different fields and products. Cyber, he told IB is the one of the few that has to deal with constantly emerging and evolving risks – something that keeps the team on their toes.

“If you look at property, are there really new and emerging threats generally coming out of that field? Probably not. The severity of those threats may change but they’re not new threats. Whereas in the cyber space, there’s new threats constantly coming out – it’s up to us to figure out how we identify them, how we mitigate them and how we communicate them. From there we have not just stay in tandem with those risks, we must get ahead of them.”

‘We want our clients to have the best cyber protection’

Looking ahead to what the future holds for both BOXX and their coverage, Baker is clear that their constantly moving approach to cyber coverage will always remain central to their core values.

“We want our clients to have the best cyber protection,” added Baker “That’s done by having both the risk management approach with our Hackbusters team – the virtual CISO who gets involved to help mitigate exposure before we have a breach with a client – as well as making sure the coverage is robust. It must handle all the particular scenarios that’re reasonably within scope of what our insurance is intending to cover.”

Because over time the reality is that new technology will emerge as will new vectors for attacks. As Baker told IB, BOXX is there evolving alongside these changes.

“While the intent might be there to cover something, at BOXX we make sure the verbiage is there too. Our goal is to always move the ball forward to make sure that our form is always saying what we intended it to say. Ultimately, we’re selling a promise to our insured – and we want to make sure our promise is strong, straightforward and accessible.”