Cyber liability was once a coverage only large enterprises needed. In 2026, it’s a required coverage for any fiber contractor working on carrier or hyperscaler infrastructure. Zayo requires $5M in Cyber Risk Liability via its Avetta prequalification portal. Hyperscaler data center GCs (DPR, Turner, Skanska, Holder) increasingly require cyber for any sub touching data hall infrastructure. And the coverage matters practically — fiber contractors handle customer network access, install equipment that connects to sensitive systems, and can trigger a cyber claim through a misconfigured splice or an infected laptop connected to a customer’s LAN. Your GL does not cover any of this. This guide covers what cyber liability actually is, why fiber contractors specifically need it, what Zayo and hyperscaler GCs require, and the real cost of coverage in 2026.

In This Guide
01

Why Fiber Contractors Specifically Need Cyber Liability

Ten years ago, no one required a fiber sub to carry cyber. In 2026, it’s a required coverage on most carrier and hyperscaler subcontract work. Three reasons this shifted:

🔌
Customer Network Access

Fiber techs and splicers routinely access customer networks — either physically (patching in), logically (via laptops connected to a customer LAN for testing), or via credential-based access (technician login to network management systems). Each is a cyber attack vector.

💻
Sub Equipment as Attack Vector

Contractor laptops used for OTDR readings, splice documentation, and network configuration are frequently unmanaged and may run outdated software. A compromised sub laptop connected to a customer’s data center network is a real breach scenario — and one that carriers are increasingly refusing to underwrite risk against.

📡
Post-Ransomware Insurance Market

Carrier and hyperscaler risk management teams tightened contractor cyber requirements after multiple high-profile 2023-2025 breaches attributed to third-party vendor compromise. Cyber requirements are now standard on carrier and data center subcontract agreements.

📄
Contractual Indemnity Exposure

Modern subcontracts increasingly include indemnity language shifting cyber breach liability to the sub. Cyber insurance is the coverage that actually responds when that indemnity is invoked. Without it, the sub’s personal balance sheet is directly exposed.

02

What Cyber Liability Insurance Actually Covers

A modern cyber liability policy contains two major coverage sides: first-party (your losses) and third-party (claims against you). Both matter for a fiber contractor.

First-Party Cyber Coverage
Third-Party Cyber Coverage
GL Does Not Respond to Any of This

The standard Commercial General Liability policy contains a cyber exclusion (typically CG 21 06 or a carrier-specific version) that excludes any claim arising from unauthorized access to a computer system, data breach, or data destruction. Cyber events fall entirely to cyber insurance.

03

First-Party vs Third-Party — Why Both Matter

Some cheap cyber policies only include first-party coverage. This is a problem when a prime contractor invokes the indemnity clause of your subcontract after a breach traced to your equipment.

Coverage SideWhat It ProtectsWho Needs It
First-partyYour business from a cyber attack — your data, systems, business continuityEvery fiber contractor
Third-partyYou from claims made by others — primes, customers, regulatorsEvery fiber contractor working under a carrier or hyperscaler subcontract

The Zayo $5M requirement is aggregate — it means $5M limit combined across both first-party and third-party. Confirm your policy allocates limits reasonably between both sides. Some cyber policies default to lower third-party sublimits.

04

Zayo’s $5M Cyber Requirement — What Triggers It

Zayo’s cyber requirement flows from its Avetta Universal Insurance Questionnaire. If you answer “yes” to any of the following triggers, Zayo will require $5M Cyber Risk Liability:

Practically, most Zayo fiber subs will trigger at least one of these. Some sub scopes (basic OSP construction without network commissioning) may not, but the UIQ is answered by your business, not per project — so if any of your crews do this work, the requirement typically applies broadly.

Avetta Detects Cyber Requirement Automatically

Avetta’s Universal Insurance Questionnaire auto-flags cyber requirement based on your answers. You cannot bypass the requirement by leaving the UIQ generic — Zayo’s prequalification team reviews questionnaire completeness. Get $5M cyber lined up before you begin Zayo Avetta registration.

05

Other Prime Cyber Requirements

PrimeCyber RequirementTrigger
Zayo$5MAvetta UIQ — customer network access, dark fiber lighting, commissioning
Crown Castle (now Zayo)$5MSame as Zayo post-acquisition
Hyperscaler data center GCs (DPR, Turner, Skanska, Holder)$1M-$5MAny sub touching data hall infrastructure
AT&T carrier subcontractVaries by scope; $1M-$2M commonOSP alone typically not, network-side yes
Verizon carrier subcontractVaries; increasingly $2MSimilar to AT&T
Enterprise fiber subcontract (banks, hospitals, universities)$1M-$5MContract-specific; almost always required
BEAD-funded projectsVariable; grantee-specificState-level rules
06

Real Cost Ranges for Fiber Contractor Cyber Insurance

Cyber premium is driven primarily by revenue, employee count, and security controls (multi-factor authentication, backup practices, endpoint protection, email security). Typical 2026 ranges for fiber contractors:

LimitSolo / Small (under $500K revenue)Mid ($500K-$3M)Larger ($3M-$10M)
$1M$1,200 – $2,500$2,000 – $4,500$3,500 – $8,000
$2M$2,000 – $4,500$3,500 – $7,500$6,000 – $12,000
$5M (Zayo requirement)$4,500 – $9,000$6,500 – $12,000$10,000 – $22,000

Premium reduction levers: Multi-factor authentication (MFA) on all accounts, endpoint detection & response (EDR) software, backup practices with off-site copies, email security filtering, and documented incident response plan. Underwriters ask about these in a security supplemental — strong answers meaningfully reduce premium.

Get $5M Cyber Liability for Zayo Compliance

Zayo-compliant $5M cyber with first-party and third-party coverage, tied to your GL and umbrella program. Same-day COI to clear Avetta prequalification.

Request a Cyber Quote
07

Frequently Asked Questions

Why do fiber contractors need cyber liability insurance?

Fiber contractors access customer networks, install equipment that connects to sensitive systems, and handle configuration data. Zayo requires $5M cyber via Avetta. Hyperscaler GCs increasingly require cyber for any sub touching data hall infrastructure. GL doesn’t cover cyber events.

Does my General Liability cover cyber?

No. GL policies contain a cyber exclusion (typically CG 21 06) that excludes any claim from unauthorized system access or data breach. Cyber events fall entirely to cyber insurance.

What’s the difference between first-party and third-party cyber?

First-party pays YOUR losses from a cyber attack. Third-party pays claims made against YOU by others harmed by your cyber event. A complete policy includes both. Zayo’s $5M requirement is an aggregate across both.

How much does $5M cyber cost for a fiber contractor?

Typically $4,500 to $22,000 per year depending on revenue and security controls. Strong controls (MFA, EDR, backups, email security) meaningfully reduce premium.

Do I need cyber if I only do underground OSP construction?

Zayo triggers cyber based on customer network access, dark fiber lighting, and network commissioning. If you only do OSP construction and never touch live networks, you may not trigger the requirement. But most fiber subs eventually do — and Avetta’s UIQ is answered per-business, not per-project. If any crew does network-side work, coverage typically applies.

Get Cyber Liability Coverage

$1M, $2M, or $5M cyber liability for fiber, cable, and low voltage contractors. First-party and third-party coverage.

Request My Coverage Quote