Cyber insurance can protect both large and small businesses against financial damages from a cyberattack. Coverage can be tailored to a plan that best suits a business’s specific needs.
What is cyber insurance?
Cyber insurance, or cyber liability insurance, is not included in a general liability insurance plan and must be purchased separately. But don’t overlook cyber insurance—it can be helpful for companies of all sizes conducting business in an increasingly virtual world.
Data breaches can cause financial losses that would be difficult for any business to recover from, but small businesses with less capital to spare can be especially vulnerable. For example, researchers found that small businesses making $100,000 incurred an average security incident cost of $24,000, which is nearly a quarter of their annual earnings. In comparison, the cost for billion-dollar enterprises amounted to less than 0.1% of annual revenues.
What does cyber insurance cover?
Cyber insurance coverage typically includes several different cyberattack scenarios, as well as the time and labor costs associated with clean-up following a breach. When determining which insurance plan is right for your business, consider the following:
- Potential losses from cyberattacks on your company
A robust cyber insurance plan should cover all types of cyber attacks that could target your company. A recent report found that 60% of all cyber insurance claims are due to ransomware attacks. The same report found that the cost of these attacks has risen in recent years—the average total recovery cost for a single incident is now $1.8 million.
Phishing, social engineering, shoulder surfing, or any other kind of cybersecurity breach should be covered under your plan. This plan should cover not only losses related to stolen company data but also stolen personal information. Make sure your plan covers international attacks as well.
Following a covered data breach, your cyber insurance coverage should include expenses related to:
- Legal counsel
- The recovery and replacement of lost or stolen data
- Notifications to impacted individuals
- Repairs to damaged hardware or software
- Lost income due to business interruption
- The investigation of the event
- Other fees and fines related to the incident
- Vendor data breaches
A strong cyber insurance policy should also protect your business from data breaches that occur within the vendors and companies you do business with. Your insurance plan should cover payments to consumers aﬀected by the breach, expenses related to disputes or lawsuits, litigation and trademark infringement, general accounting costs, and other settlement and damages costs.
- Cost of communications
Most states require that companies disclose data breaches to customers when there’s a risk that personal information was stolen.
Notifying your customers, employees, and vendors about a data breach can be a difficult and expensive process. It’s also necessary to rebuild trust with all of these audiences. Cyber insurance can cover costs associated with the clean-up after a data breach, which could include:
- Hiring an expert to fix company computers
- Delivering mailings related to the cyberattack to customers, employees, and vendors
- Ordering cybersecurity software to protect against future breaches
Some businesses may also want to hire a public relations firm to assist with reputation management, which can cost thousands of dollars per month.
- Recovering the personal identities of affected customers
Customers might not know that a business’s cyber insurance coverage can help them recover their personal identities online following a fraud incident caused by a cyberattack. While most states don’t require companies to assist consumers with services like free credit monitoring, doing so can help rebuild trust among your customers, who will likely be looking for additional support from your company during this time.
- Recovering compromised data
Once data is compromised, it can be extremely difficult to get back. For example, a cybercriminal doesn’t typically hold on to the passwords they steal—those stolen passwords are often sold on the dark web to other bad actors. Not only will cyber insurance cover the costs of this recovery process, but your provider may have connections to experts who can help you sort out the process.
“I like that dark web monitoring lets me know if any of my information has ever been compromised.”Elspeth Moffatt
Director of Communications, CSG
- Repairing damaged computer systems
Malware can wreak havoc on computer systems and make it difficult for you to trust your computers. For example, a virus might instruct the computer to turn off essential functions, such as cooling fans or screen displays. When necessary, cyber insurance should cover any hardware damages resulting from the breach.
6 reasons why cyber insurance is worth it
Cyber insurance should be an easy choice for your business. Here are several reasons why companies opt to protect their business and their customers by adopting a cyber insurance policy:
- Covers the recovery costs of sensitive information
Every business that sells a good or service manages some sort of sensitive information, whether it’s credit card numbers, account numbers, or government identification numbers. Cyber insurance can pay for the costs of recovering this valuable data. This coverage can mitigate costs associated with not only recovery but also monitoring for stolen data.
- Limits damages caused by identity theft
Because cyber insurance covers the recovery of data, it can be a valuable tool in mitigating further damage, such as attempted identity theft targeting your employees or customers. Some insurance brokers offer credit monitoring information, so any unusual changes to a person’s credit score are caught swiftly. They can also provide extra assistance to restore the victim’s credit history.
- Acts as a trusted source
With cyber insurance, you can rest assured that the steps you’re taking are best practices. For example, while communicating with customers is necessary, is it a good idea to issue a press release or post on social media regarding the breach? What about selecting the right security software to implement as part of data breach clean-up? A cyber insurance company will have those answers.
Additionally, there are a lot of laws that companies must comply with once a breach happens, and it can be overwhelming to make sure you’re acting in accordance with the law. A cyber insurance company can guide you through the steps and cover related expenses.
- Helps repair trust with your employees, vendors, and customers
Cyber insurance covers much of the costs associated with recovering lost data, communicating with employees, vendors, and customers, and restoring the personal identities of customers. If a breach does happen, your customers will be looking for help and guidance. With cyber insurance, your business will be better prepared to guide customers through the process of data recovery.
“Our strongest tools are our reputation and relationships.”Chelsea Richardson
Principal, Vice President at Jeffrey Demure & Associates
- Establishes a point of contact in case a breach does happen
Finding a professional to help guide you through a cyberattack can be difficult. Because cyber insurance professionals deal with hundreds of claims each year, they can be a useful first point of contact once you suspect a breach has occurred.
- Offers a breach hotline that’s available throughout the year
Cyber insurance companies can be a strategic partner during the process of identifying and recovering from a cyberattack. Some offer a breach hotline that can be useful after a security incident. If you think you may have gotten hacked, read about what businesses should do after a cyberattack.
Does my business need cyber insurance?
All businesses can benefit from cyber insurance, but certain types of businesses are at a higher risk for breaches:
- Financial institutions
- Real estate agents and brokers
- Healthcare entities, such as clinics or pharmaceutical companies
Even though some businesses are more at risk than others, cyberattacks can affect anyone, whether you manage a restaurant, a yoga studio, a bookstore, or something else.
Cyber insurance coverage can benefit businesses large and small. To determine which plan will stretch the farthest for your business, conduct a cybersecurity audit to pinpoint your needs. These audits will help you identify weak spots in your business’s cybersecurity processes and acquaint you with the specific risks your industry faces when it comes to cyberattacks. While anyone can conduct a cybersecurity audit, you may want to consult a professional to guide you through the process and help you select an insurance plan after your audit is complete.
When should I get cyber insurance?
The best time to start looking for cyber insurance policies is once your business is up and running. Insurance coverage isn’t retroactive, so it’s important to be proactive about getting coverage. However, if your organization has already experienced a data breach, getting cyber insurance can be a great step toward minimizing the impact of potential future breaches.
How much does cyber insurance cost?
Costs of cyber insurance will vary depending on provider, plan, and location, but it’s relatively inexpensive considering the potential cost of the breach. A 2021 study from AdvisorSmith Solution Inc. found that the average cyber insurance cost in 2019 was $1,500 per year for $1 million in coverage, with a $10,000 deductible.
Curious about how strong your business’s cybersecurity is? Learn how to conduct a security audit and determine your risk level.
- Federal Trade Commission, “Cyber Insurance,” 2022