Cyber Insurance
Quotes NZ
Start your quote

About this review: Information on this page is drawn from publicly available sources, the insurer's own published documentation, and the market knowledge of First Commercial Insurance Brokers Ltd (FSP748591). It is general information and is not personalised financial advice.

Star ratings, response-time figures, premium ranges, and case examples shown on review pages are illustrative — actual coverage, eligibility, claim handling, and pricing depend on your business circumstances and the insurer's policy wording at the time of quoting. Always read the policy document before purchasing.

Last reviewed: June 2026 · FCIB Disclosure Statement

Delta Insurance logo

Delta Insurance cyber insurance

NZ-owned cyber + financial-lines specialist. Underwritten on behalf of Lloyd's Syndicates. Active on the FCIB / Insurance Advisernet NZ cyber panel. Cyber product family: CyberPro.

Legal entity
Delta Insurance New Zealand Limited
RBNZ financial-strength
See RBNZ Insurance register
Primary website
www.deltainsurance.co.nz

Delta Insurance cyber products

Delta CyberPro

active

Published product page →

Verified policy facts (sourced from 2026-05-18)
{
  "exclusions": [
    "any failure or malfunction of electrical or telecommunications infrastructure or services; provided, however, that this Exclusion shall not apply to any otherwise covered Claim or Loss arising out of failure of Network Security to prevent a Breach that was solely caused by a failure or malfunction of telecommunications infrastructure or services under the Insured's direct operational control",
    "any act of terrorism regardless of any other cause or event contributing concurrently or in any other sequence to the loss or any action taken in controlling, preventing, suppressing or in any way relating to any act of terrorism; provided, however, that this Exclusion shall not apply to cyber terrorism",
    "war, invasion, acts of foreign enemies, hostilities (whether war be declared or not), civil war, rebellion, revolution, insurrection, military or usurped power or confiscation or nationalisation or requisition or destruction of or damage to property by or under the order of any government or public or local authority",
    "any impact to the air, soil or water resulting from the discharge, dispersal, seepage, release or escape of any solid, liquid, gaseous, biological, radioactive or thermal irritant or contaminant whether occurring naturally or otherwise, including smoke, vapour, soot, fibres, germs, viruses, fumes, acids, alkalis, chemicals, waste, and other toxic or hazardous substances, sound, noise, smell, vibration, waves or changes in temperature",
    "Bodily Injury or Property Damage; provided, however, that this Exclusion shall not apply to Loss from any Claim under Insuring Agreement 1.4: (a) alleging emotional distress, mental injury, mental tension or mental anguish allegedly caused to a natural person by a Breach; or (b) loss of Personal Data or Digital Assets or loss of use thereof allegedly caused by a Breach",
    "transfer of, or the failure to transfer, funds, money or securities; provided, however, that this Exclusion shall not apply to Insuring Agreement 1.3.1",
    "unsolicited electronic dissemination of faxes, e-mails, text messages or similar communications to actual or prospective customers of the Company, or to any other third party, including but not limited to any violation of any anti-spam statute, or any law or regulation relating to a person's or entity's right of seclusion",
    "any infringement of patent or the misappropriation, misuse or disclosure of confidential and proprietary business information or trade secrets, other than a Network Security Breach, Confidentiality Breach or Privacy Breach",
    "any actual or alleged violation of any law, regulation or rule (whether statutory or common law) relating to the ownership, purchase, sale or offer of, or solicitation of an offer to purchase or sell, securities; provided, however, that this Exclusion shall not apply to Insuring Agreement 1.3.1",
    "expiration or withdrawal of technical support by a software vendor; provided, however, that such expiration or withdrawal has been publicly announced by the software vendor for over sixty (60) days",
    "any dishonest, fraudulent, criminal, malicious or intentional act or omission, or any wilful violation of any statute, rule, or law, by an Insured, if an admission, final adjudication or finding establishes that such act, omission or violation occurred; provided, however, that this Exclusion shall not apply to any Employee",
    "any gaining by an Insured of any profit, remuneration or advantage to which such Insured is not legally entitled, if any admission, final adjudication or finding establishes that such Insured was not legally entitled to such profit or advantage or that such remuneration was improper or illegal; provided, however, that this Exclusion shall not apply to any Employee",
    "any fact, circumstance, situation, transaction, event or Breach: (a) underlying or alleged in any prior and/or pending litigation or administrative or regulatory proceeding of which the Insured had received notice prior to the Continuity Date; (b) which, prior to the Continuity Date, was the subject of any notice given by or on behalf of the Insured under any other policy of insurance; or (c) which was known to the Insured prior to the Continuity Date and could reasonably be expected to give rise to a Claim",
    "arising out of or resulting from any contractual liability or obligation, or arising out of or resulting from breach of any contract or agreement, either oral or written; provided, however, that this Exclusion shall not apply to: (a) the extent the Insured would have been liable in the absence of such contract or agreement; or (b) Insuring Agreements 1.2 and 1.4",
    "any cover; or liability of the Underwriters to pay any claim or provide any benefit, to the extent that doing so would expose the Underwriter to any legally enforceable sanction, prohibition, restriction, measure, ban or imposition under the laws or regulations of New Zealand, Australia, the United Kingdom, the European Union, the United States of America and/or the United Nations",
    "loss or destruction of or damage to any property whatsoever or any loss or expense whatsoever resulting or arising therefrom or any consequential loss",
    "any legal liability of whatsoever nature, directly or indirectly caused by or contributed to by or arising from: (a) ionising radiations or contamination by radioactivity from any nuclear fuel or from any nuclear waste from the combustion of nuclear fuel; or (b) the radioactive, toxic, explosive or other hazardous properties of any explosive nuclear assembly or nuclear component thereof"
  ],
  "claims_basis": "Claims made and notified: coverage applies to Claims first made against the Insured during the Policy Period or any applicable Extended Reporting Period, and reported to the Underwriters in accordance with the terms of this Policy. An Extended Reporting Period of 12 months may be purchased upon non-renewal. Notice must be given no later than thirty (30) days after the Expiration Date of this Policy.",
  "pci_dss_fines": "Covered under Insuring Agreement 1.4.4 (PCI DSS Cover): 'The Underwriters shall pay on behalf of the Insured, the Loss from any Claim by a Card Payment Provider for breach of the PCI DSS which is first made against the Insured during the Policy Period or any applicable Extended Reporting Period.' Loss includes fines and penalties assessed pursuant to any law for PCI DSS. Card Payment Provider means any payment card association including but not limited to MasterCard, Visa and American Express. PCI DSS means any data security standard published by the Payment Card Industry Security Standards Council. Subject to a Sublimit of Liability as specified in Item 5 of the Schedule.",
  "sublimits_nzd": {},
  "deductible_nzd": "The Excess applicable to each Insuring Agreement as set forth in Item 4 of the Schedule shall apply to each and every Claim or other matter giving rise to coverage under each Insuring Agreement. A single Excess amount shall apply to all Loss from all Related Claims. No Excess shall apply to Insuring Agreements 1.1.2, 1.1.4 and 1.1.5, unless otherwise specifically set forth in Item 4 of the Schedule.",
  "cyber_extortion": "Covered under Insuring Agreement 1.3.2 (Network Extortion Coverage). Network Extortion means a credible threat or connected series of credible threats by an individual to commit or continue an attack on the Company's Network, or to disclose Personal Data or confidential and proprietary information obtained through a breach of Network Security, for the purpose of obtaining payment from the Insured. Coverage pays 'any amount which the Insured actually pays to any person or entity, including for services to avoid, defend, preclude or resolve a Network Extortion.' This is distinct from but related to the Business Interruption and Data Forensic coverages. Prior written consent of Underwriters required. Sanctions exclusion (4.15) applies. Subject to a Sublimit of Liability as specified in Item 5 of the Schedule.",
  "data_restoration": "Covered under Insuring Agreement 1.1.3 (Costs to Restore) for Network Attack, and under Automatic Extension 2.7 for Network Failure. Costs to Restore means reasonable and necessary costs to: (a) research, replace, restore or re-collect Digital Assets from written records or from partial or fully matching electronic data records due to their corruption, deletion or destruction; or (b) repair, restore or replace Hardware Assets that have been destroyed, damaged, altered, distorted, erased or lost. If Digital Assets cannot be replaced, restored or re-collected, or Hardware Assets cannot be repaired, restored or replaced, costs are limited to the reasonable and necessary costs to reach that determination. Subject to a Sublimit of Liability as specified in Item 5 of the Schedule.",
  "territorial_scope": "This Policy applies to: (a) Breaches or any other matters which give rise to coverage under this Policy which take place anywhere in the world; and (b) Claims brought against the Insured anywhere in the world. However, where a different Territory and Jurisdiction is noted in item 9 and item 10 of the Cyber Insurance Policy Schedule, the Policy Schedule shall prevail. Sanctions exclusion (4.15) limits coverage where payment would expose the Underwriter to any legally enforceable sanction, prohibition, restriction, measure, ban or imposition under the laws or regulations of New Zealand, Australia, the United Kingdom, the European Union, the United States of America and/or the United Nations.",
  "notification_costs": "Covered under Insuring Agreement 1.1.4 (Breach Response Costs) for Network Security Breach, Privacy Breach or Confidentiality Breach. Breach Response Costs means reasonable and necessary costs for: (a) Notice Services (notification to Affected Persons, third parties or Regulators pursuant to any applicable Breach Notification Law or voluntary notification, including printing, mailing and postage); (b) Call Centre Services; (c) Credit Monitoring Services (triple-bureau credit monitoring); and (d) Identity Theft Resolution Services. Breach Notification Law expressly includes the New Zealand Privacy Act 2020. Covered also under Insuring Agreement 1.1.2 (Breach Consultation Costs) for legal advice on notification obligations and compliance with legal requirements owed to Affected Persons, third parties or a Regulator (retaining a qualified law firm approved by the Underwriters). Subject to Sublimits of Liability as specified in Item 5 of the Schedule. No Excess applies to Insuring Agreements 1.1.2 and 1.1.4 unless specifically set forth in Item 4 of the Schedule.",
  "regulatory_defence": "Covered under Insuring Agreement 1.4.2 (Regulator Liability): 'The Underwriters shall pay on behalf of the Insured, the Loss from any Claim first made by a Regulator against the Insured during the Policy Period or any applicable Extended Reporting Period, and reported to the Underwriters in accordance with the terms of this Policy, arising from any Breach.' Loss includes fines and penalties assessed pursuant to any law for Privacy Breaches, Confidentiality Breaches or the PCI DSS, and Defence Costs. Also covered under Insuring Agreement 1.4.3 (Investigation Liability) for internal investigations conducted in response to a Regulator request, to assess or prepare a Report, or in response to a Report. Regulator means any official or public body with the responsibility to enforce data protection legislation. Subject to Sublimits of Liability as specified in Item 5 of the Schedule.",
  "social_engineering": "Covered under Insuring Agreement 1.3.1 (Hacker Theft Cover): Hacker Theft Loss (Funds wrongfully or erroneously paid by the Insured) sustained as a direct result of Hacker Theft, defined as 'any third party's targeted intrusion into the Company's Network which results in fraudulent and unauthorised deletion or alteration of data contained in the Company's Network.' The transfer of funds exclusion (Exclusion 4.6) does not apply to Insuring Agreement 1.3.1. Discovery must be made during the Policy Period by specified senior personnel. No explicit call-back verification requirement stated in the wording. Subject to a Sublimit of Liability as specified in Item 5 of the Schedule.",
  "aggregate_limit_nzd": "The Limit of Liability for this Policy, as set forth in Item 3A of the Schedule, is the Underwriters' maximum liability under all Insuring Agreements combined.",
  "pr_crisis_management": "Covered under Insuring Agreement 1.1.5 (Public Relations): Public Relations Expenses incurred in connection with a Public Relations Event (publication of unfavourable information relating to Breaches affecting an Insured). Expenses include amounts for services by a public relations firm, crisis management firm or law firm selected by the Insured, which has been approved in advance in writing by the Underwriters, and reasonable and necessary printing, advertising, mailing and travel costs. Insurer-panel approval required (firm must be approved in advance in writing by the Underwriters). Also covered under Automatic Extension 2.4 (Personal Reputation Cover) for Personal Public Relations Expenses for past or present Executive Officers. Subject to Sublimits of Liability as specified in Item 5 of the Schedule. No Excess applies to Insuring Agreement 1.1.5 unless specifically set forth in Item 4 of the Schedule.",
  "waiting_period_hours": "The number of consecutive hours specified in Item 5 of the Schedule that immediately follows the Insured's communication of notice of a Network Attack (under Insuring Agreement 1.2) or Network Failure (under Automatic Extension 2.7, if applicable) to the Underwriters in accordance with Section 5.7, and shall apply to each Period of Restoration.",
  "business_interruption": "Covered under Insuring Agreement 1.2 for Network Attack, and under Automatic Extension 2.7 for Network Failure. Business Interruption Costs means Extra Expense plus loss of Business Income (net profit or loss before income taxes) calculated per Condition 5.6. Period of Restoration begins when the Waiting Period expires and ends on the earlier of: (i) the date the Insured resumes, or could in due diligence have resumed, Business Operations substantially to pre-incident levels; or (ii) 120 consecutive days after expiration of the Waiting Period. Waiting Period is specified in Item 5 of the Schedule. Business Interruption Costs exclude fines/penalties, legal costs, betterment, contractual liquidated damages, and decreases in revenue caused by unfavourable business or economic conditions.",
  "forensic_investigation": "Covered under Insuring Agreement 1.1.1 (Data Forensic Expenses): 'reasonable and necessary costs incurred by or on behalf of the Insured to retain a qualified forensics firm, approved by the Underwriter, to investigate, examine and analyse the Company's Network to determine the cause and source of the unauthorised misappropriation, mishandling, loss or disclosure of Personal Data or the unauthorised release of confidential and proprietary business information and the extent to which such Personal Data and the confidential and proprietary business information was accessed.' Insurer-panel forensics required (firm must be approved by the Underwriter). Subject to a Sublimit of Liability as specified in Item 5 of the Schedule.",
  "ransom_payment_covered": "Covered under Insuring Agreement 1.3.2 (Network Extortion Coverage): 'Any amount which the Insured actually pays to any person or entity, including for services to avoid, defend, preclude or resolve a Network Extortion which first occurs during the Policy Period and is reported to the Underwriters in accordance with the terms of this Policy.' Subject to a Sublimit of Liability as specified in Item 5 of the Schedule. Prior written consent of the Underwriters is required as a condition precedent to incurring any amounts covered under this Policy (Condition 5.7.4). Sanctions exclusion applies under Exclusion 4.15.",
  "retroactive_date_rules": "The Policy uses a Continuity Date (Item 7 of the Schedule). Exclusion 4.13 excludes any fact, circumstance, situation, transaction, event or Breach: (a) underlying or alleged in any prior and/or pending litigation or administrative or regulatory proceeding of which the Insured had received notice prior to the Continuity Date; (b) which, prior to the Continuity Date, was the subject of any notice given by or on behalf of the Insured under any other policy of insurance; or (c) which was known to the Insured prior to the Continuity Date and could reasonably be expected to give rise to a Claim. Coverage for Subsidiaries only applies to Breaches committed or allegedly committed during the time such entity is a Subsidiary."
}

Get a cyber insurance quote

FCIB (FSP748591) compares cyber cover from Delta Insurance alongside the rest of the panel. Free, no obligation.

Get a Quote →