Cyber insurance
For whom?: Tech companies, e-commerce, fintech, personal data handlers — Annual premium: 10,000-200,000 MAD/an
Cyber insurance covers financial consequences of cyberattack: ransomware, data theft, business interruption, victim notification obligations. Emerging market in Morocco but strongly recommended since law 09-08 on personal data protection and GDPR for exporting companies.
Coverage details
Coverage: ransomware ransom (negotiation + payment), system restoration costs, forensic expert, victim notification, CNDP fines, post-attack business interruption (30-90 day ceiling). 24/7 assistance with specialized IT partners.
Legal framework
Law 09-08 on personal data protection (CNDP): notification obligations and sanctions. BAM 2024 banking directive on financial institution cyber-resilience. GDPR applicable to companies processing EU data.
Claim examples
- E-commerce: $50K ransomware demanded, restoration + 15,000 customer notification
- Private hospital: patient file leak, CNDP fine + legal fees
- Digital bank: 72h DDoS, revenue loss + mitigation costs
- Industrial SME: CEO phishing, fraudulent transfer 800K MAD
Exclusions
- Attacks prior to subscription
- Lack of known security updates
- Malicious internal staff acts (separate option)
- Non-quantifiable indirect losses
2026 taxation
100% deductible premium. 20% VAT recoverable. Ransom compensation reintegrated in result but compensated by incurred costs (payment + restoration).
How to subscribe
Mandatory prior cyber audit (often free at AXA and Allianz). Prerequisites implementation (backup, MFA, training). Declaration of processed data types. Acceptance within 30-60 days per risk profile.
Recommended insurers
Ready to take action?
Our official partner AXA supports you. Free comparison in 2 minutes.
Also available