Endorsements

Ransomware endorsements in admitted cyber products

Coverage intent

A ransomware endorsement is a filed endorsement that names ransomware and modifies the cyber product without being an exclusion form.

Coverage impact

Ransomware endorsements show whether carriers are treating ransomware as affirmative coverage, a separate limit, a coinsurance problem, or a defined cyber event.

Where this language appears

Matching form records, product lines, state activity, and recent examples for this coverage language.

Matching form records

Recent records

Product submissions

Companies

Sample form language

A representative form excerpt for this topic, with the form number and edition date shown the way insurance teams usually identify versions.

Selected form

Ransomware Sublimit Endorsement

Form #: PRIME 100PRO 026 11 22

Palomar Specialty Insurance Company

Cyber Liability

MA | Dec 23, 2025

This endorsement caps ransomware-related loss and defense expense across breach, extortion, data restoration, business income, and cyber liability insuring agreements.

Ransomware loss and defense expense cap

3. Ransomware Sublimit of Insurance

The most We will pay for all covered Loss and Defense Expenses under Insuring Agreements 1 - Cowbell Breach Fund, 2 - Extortion Threats and Ransom Payments, 3 - Replacement or Restoration of Electronic Data, 4 - Business Income and Extra Expense, and 6 - Cyber Liability for any Security Breach, Cyber Incident, Extortion Threat, or Claim directly or indirectly based upon, attributable to, or arising out of:

    i.  Ransomware; or
    ii. a demand for a Ransom Payment

is the Ransomware Aggregate Sublimit of Insurance shown in this endorsement, which is part of, and not in addition to, the Policy Aggregate Limit of Insurance. Upon exhaustion of any Ransomware Aggregate Sublimit of Insurance by such payments, We will have no further obligations or liability of any kind with respect to Loss or Defense Expenses subject to such Sublimit of Insurance.

Selected excerpt from this form.

Notable language points

  1. 01Caps both loss and defense expense, which makes the sublimit broader than a narrow ransom-payment cap.
  2. 02Applies across multiple cyber insuring agreements, including extortion, data restoration, business income, breach response, and cyber liability.
  3. 03Makes the ransomware sublimit part of the policy aggregate limit rather than extra limit.

Example form names

Ransomware Event Sublimit Endorsement

An endorsement pattern that separately caps ransomware event loss inside a cyber product.

Ransomware Sublimit Endorsement

A direct endorsement name used when the carrier wants the sublimit visible as a policy modification.

Cyber Extortion Threat Aggregate Sublimit

A related pattern where ransomware exposure is handled through cyber extortion wording or aggregate limits.

Cyber Extortion Loss Amended - Pay Or Reimburse

A cyber extortion endorsement pattern that can affect whether the policy pays directly, reimburses, or limits extortion-related loss.

Related insurance form pages

Related FilingFocus research

Related coverage topics