Protecting Business Clients with Cyber Coverage that Lasts the Full Policy Term

BOXX’s First Party Each and Every Loss structure reinstates policy limits, helping protect clients across multiple incidents within a single policy term.

Most businesses purchase cyber insurance with the expectation that it will protect them for the full policy term, not just the first claim. 

But in practice, a single serious incident early in the year can consume the entire policy limit, leaving a business with no protection for the remainder of the policy period. 

This scenario creates a disconnect between what clients believe they have purchased and how typical cyber coverage actually responds.  

As threats increase and businesses are more likely to face multiple cyber incidents throughout a policy term, brokers have an opportunity to address this gap by helping clients understand what more resilient coverage structures look like. 

BOXX has updated its Cyberboxx® Business policy to reflect this reality. It now includes a First Party Each and Every Loss structure, designed to keep coverage available throughout the policy period by reinstating policy limits after each separate incident. 

How most cyber limits actually work

Many cyber insurance policies are structured around a single aggregate limit that applies across the entire policy term. Once that limit is used, whether through one large loss or a combination of smaller events, there is no remaining coverage available. 

“The policy is typically bound by an aggregate limit, which is the maximum it will pay over the policy period. Once that’s exhausted, there’s no more coverage for the remainder of the year,” explains Erik Tifft, Head of Global Underwriting at BOXX Insurance. 

For example, a $1 million policy can be fully consumed by a single ransomware attack once response costs, downtime and recovery are accounted for. At that point, the client may still have months remaining on their policy, but no meaningful financial protection in place. 

“This structure is not always clearly understood and can leave businesses exposed,” Tifft adds. 

What BOXX means by “First Party Each and Every Loss”

BOXX’s First Party Each and Every Loss structure applies the policy limit to each separate cyber incident within the policy term. After a claim is paid, the full limit is reinstated for the next qualifying event. 

“Each time the insured has a discrete incident, the policy aggregate is reinstated,” says Tifft. “This means all related costs from a single incident are grouped under one limit. Each separate cyber incident is covered independently.” 

In practical terms, a client with a $1 million policy limit can experience two separate $1 million incidents and both would be separately covered up to the limit, Tifft adds. 

One incident includes all related impacts, such as breach response, business interruption and recovery costs.  

Separate incidents are treated independently, even if similar in nature, as long as they’re not part of the same originating event. 

Clients experiencing a loss early in the policy term is now a common scenario, says Tifft, making this distinction particularly important when incidents occur at different points in the policy term.  

“We’ve seen many insureds breached early in the policy period,” Tifft says. “Without this structure, they would be left without coverage for the rest of the year.” 

BOXX’s structure ensures coverage remains available if another incident occurs later in the year, reducing the risk of being left exposed after a major cyber claim.  

For brokers, this is a key differentiator that creates a clear and practical way to demonstrate ongoing value in the policy. 

How Each and Every Loss reflects evolving cyber risk for businesses 

Cyber risk is not limited to a single type of event and businesses can be impacted through multiple channels over the course of a year. 

Businesses in the US are increasingly targeted by more frequent and severe cyber incidents, including ransomware, business email compromise (BEC), invoice fraud, supply chain attacks, phishing and data breaches.

Research shows 61% of American small businesses reported at least one successful cyberattack in 2025 alone, often leading to significant unplanned expenses. According to the 2025 Verizon Data Breach Investigations Report, small businesses are targeted nearly four times more frequently than large companies. 

In practice, attackers often focus on volume, targeting multiple smaller businesses rather than a single well-defended enterprise. 

At the same time, artificial intelligence is making cyber scams harder to detect, more targeted and easier to scale, increasing the likelihood that businesses will face more than one type of incident within a policy period.

A company may experience a ransomware attack, followed by a fraud event or a disruption caused by a compromised supplier. These incidents are often unrelated but each can result in significant financial loss. 

“Coverage built around a single aggregate assumes one event, which does not reflect how cyber risk unfolds today,” says Tifft. “Applying limits per incident aligns coverage with how losses actually occur across different scenarios and timeframes.” 

With First Party Each and Every Loss language embedded into each Cyberboxx® Business policy, the available limit applies to each separate occurrence, regardless of where the incident originates, helping ensure coverage remains available across multiple events within the same policy period.

What brokers should look for in cyber policies

“Policy language has to keep pace with rapidly evolving cyber threats, or it can fail a policyholder when a claim happens,” says Ray Moylan, US Claims Manager. 

Brokers play a key role in helping clients understand not just what is covered, but how coverage responds over time. It’s important to assess whether limits apply per incident or across the full policy period and what happens after a full-limit claim. 

Coverage that appears comprehensive at purchase may not provide meaningful protection if limits are exhausted early.  

Brokers should also evaluate how different types of cyber events are treated within the policy structure and whether separate incidents are addressed independently. 

BOXX’s prevention-first approach provides a clear framework that supports these conversations and helps brokers address gaps clients may not see. 

Cyberboxx® Business is designed to respond to the range of cyber exposures businesses face today, including financial crime and fraud such as invoice fraud, phishing and social engineering. It also extends beyond traditional technology providers to include product suppliers, reflecting how disruptions can originate anywhere across a company’s supply chain. 

Support is backed by BOXX Hackbusters®, who provide immediate expert incident response without requiring a claim or deductible, with costs covered outside the main policy limit. Early reporting can reduce financial impact and may result in the retention being waived (up to $25,000).* 

This approach is supported by a unified base policy form that reduces reliance on multiple endorsements, giving brokers clearer, more consistent coverage to present to clients. Together with the First Party Each and Every Loss structure, this ensures comprehensive all-in-one protection and support that remains available across the policy period. 

Protecting clients with coverage that keeps pace with risk

Cyber insurance is often evaluated at the point of purchase, but its real value becomes clear when more than one incident occurs within a policy period. 

A structure built around a single aggregate limit can leave clients exposed after the first claim, even when coverage was intended to last the full year.  

As cyber risk continues to evolve across multiple entry points, policies need to reflect how losses actually occur in practice. 

“Brokers strongly value partners who understand how cyber risk is evolving and can help support their clients at every stage,” says Moylan.

BOXX’s First Party Each and Every Loss wording approach ensures limits are available for each separate incident, rather than being depleted by a single event. 

This provides a clear way for brokers to explain how coverage works in practice, helping clients understand the difference between having a cyber policy and having protection for the full policy period across multiple claims. 
