Cyber insurance has historically focused on attacks by external actors who infiltrate company systems through stolen credentials, software vulnerabilities or social engineering.