This study considers 44 insurance companies based upon nine lists of the top U.S. insurance companies and finds potential limitations of cybersecurity insurance policies. The authors highlight that organizations rely on insurance as a means of mitigating the financial risk of cyber attack, but fail to adequately address underlying security issues. Meanwhile, insurance policies may not fully address costs of a cyber attack, such as reputational damage or lost intellectual property, making the coverage ambiguous and with insufficient understanding of cybersecurity insurance clients' needs. The immaturity of the cybersecurity insurance market suggests that organizations should view insurance as one component of a broader cybersecurity strategy and prioritize efforts to identify and address security vulnerabilities.