Whether it is a health system, municipal government, or a local small business, the news is increasingly filled with stories of a business suffering a data breach and being hacked. While cyber insurance cannot prevent a hacker from trying to hold your business hostage, it can help your small business respond to a cyberattack and handle the fallout of cybercrime. Cyber insurance is a specialized policy designed for companies to help them be prepared and respond to a cyber incident.
What Is Cyber Insurance?
Cyber insurance is a specialized type of small business insurance. Cyber insurance helps a business that has suffered a cyber incident like cyber extortion or a data breach by providing financial coverage for the loss. Like other types of insurance, it is a risk management tool.
By purchasing a cyber liability policy, a small business transfers the financial burden and risk that comes from a loss to the insurer. This makes it easier for the business to respond when it suffers a cyber-related loss.
Cyber Insurance: A Case Study
According to a study by Delinea, over 62% of US companies have filed a cyber insurance claim in the past 12 months. Of those, 27% filed multiple claims during the same time period.
In December of 2024, Three Brothers Bakery in Houston, Texas, was hit by a social media hack. Its Instagram account, an important pipeline of communication to its over 20,000 followers, was hacked and taken over. The business owner estimates that at this time of year, being locked out of its Instagram account can result in thousands of dollars of lost business income.
Cyber insurance can help a business respond to a loss like that while also making your cash flow stay alive through business interruption coverage.
What Does Cyber Security Insurance Cover?
So, what does cyber insurance cover? Cyber liability insurance is a unique policy in that it offers what’s called first-party and third-party protection for your business. First-party is a loss you directly incur, while third-party is a loss someone else experiences due to some type of negligence on the part of your business.
The majority of the types of coverages listed below are either built into a cyber policy or can be added through an endorsement. First-party cyber insurance coverages include the following:
- Cyber extortion: Maybe the most common type of cyber incident loss is cyber extortion. This is when a bad actor either takes control of a system account or steals important files and then demands money in exchange for the return of control. When shopping for cyber insurance, you will often see it listed as ransomware coverage.
- Forensic investigation: It can be difficult to determine the full scope of a loss. Cyber insurance can pay for an investigation into the loss to determine how much information was lost or what systems were impacted so that you’ll know how to respond appropriately.
- Incident response: Speaking of which, responding to a cyber loss costs money. Incident response can include IT professionals trying to restore the data, lawyers handling any potential lawsuits, and, depending on the type of loss, hiring a public relations (PR) firm to publicly address the issue in a way that protects your brand.
- Business interruption coverage: If the cyber incident results in your business being unable to operate or a significant source of revenue drying up, then this vital coverage helps by providing your business with a source of income for a period of time.
- Notification costs: If you’ve ever received a letter in the mail or an email notifying you that your personal information may have been compromised in a data breach, that notification costs the company something to send. In the example above, let’s say that in the loss of its Instagram account, the company’s 20,000 followers had their personal information compromised; cyber insurance can help with the cost of notifying all of them of the potential risk they now face. Remember that many states require a business to notify impacted parties when personally identifiable information has been compromised. Some companies will call this data breach insurance.
- Systems recovery: Recovering access to your accounts requires hiring a professional who may have to work on the project for days or even weeks. Fortunately, this cost is something that cyber insurance can help cover.
The third-party cyber liability coverage includes help with the following:
- Settlements: If the forensic investigation determines the loss happened because of an employee falling for a phishing scam while also revealing your business never trains your employees in cybersecurity, you could face a lawsuit. In situations like that, cyber insurance coverage can help pay the cost of any settlement or judgment against your business.
- Defense costs: If a loss goes to court, cyber insurance policies will help you by paying for the court costs, including defense and attorney fees.
- Fines: As if a cyber incident loss isn’t bad enough, the government and private organizations like the Payment Card Industry can fine your business if the investigation determines the business contributed to the loss. Fines like this can be costly, but cyber insurance can help pay those costs for your business.
Of course, every insurance company is different. Final coverage will come down to what the policy says, so make sure you review it in depth. The above lists aren’t exhaustive. Many carriers have additional coverages and endorsements to expand what cyber insurance coverage your business may need.
What Cyber Insurance Doesn’t Cover?
As important as it is to know what cyber insurance covers, it is also valuable to understand what it doesn’t cover. Most notably, it will not help with the following types of losses.
Workers’ comp is the closest thing to nationally required commercial insurance. It is required in every state except for Texas and South Dakota. Each state sets the requirements for workers’ comp. This critical coverage helps your employees if they get injured or ill from their job. Note that cyber insurance does not help your employees with job-related physical ailments.
While cyber liability can help you resolve losses that cause harm to other parties, it won’t help your business if a customer comes in to speak with you about a recent slip and fall incident in your store. That type of loss would fall under the premise liability insurance.
If your business has a social media presence or runs digital or radio advertising, then you should know that cyber liability insurance won’t help if someone is upset by the advertisement. If you slander another company or individual and they file a defamation lawsuit against your business, you’ll want to ensure you have personal harm and advertising injury insurance.
If your employee steals from your business, whether by taking something extra from the cash register or setting up an elaborate scheme to embezzle money, cyber liability insurance doesn’t help. For losses from employee theft, your business will need a commercial crime insurance policy.
How to Buy Cyber Insurance Coverage
Shopping for insurance can be overwhelming. That’s why it helps to be prepared and understand your business needs.
Cyber Insurance Coverage Checklist
One way to be prepared is to make a cyber insurance coverage checklist to help guide your thinking and ensure you’re getting the type of policy right for your business. Things to include are as follows:
There is no need to do this alone. There are many great independent brokers and agents out there who know what they’re talking about and can help you navigate the process and find the right policy for your business.
Where to Get Cyber Insurance Coverage
Once you’re ready to start shopping, know you have multiple ways to purchase insurance. You can purchase insurance directly from an insurance company or through an intermediary. The intermediary can either be an agent or a broker.
The advantage of working with an intermediary is that they usually have access to cyber insurance coverage available through multiple insurance companies. This is a great way to save money, but if your business is in a riskier industry or you have some claims history, a broker can usually still help you find coverage.
We’ve researched the best cyber insurance companies and reviewed quotes from them, studied their coverage, and assessed their customer service to determine the best cyber insurance companies.
Frequently Asked Questions (FAQs)
Cyber insurance is a highly specialized policy that helps businesses that have suffered a cyber incident that resulted in harm or loss to the business. It helps with direct losses and liability.
Cyber insurance isn’t necessarily cheap. A standard policy can run between $250 and $2,000 annually. This is an estimate based on quotes for smaller businesses. The cost will vary depending on the size, scope, and industry of your business.
Ransomware is a type of cyber insurance. Cyber insurance provides a number of different coverages to help your business, and one of those is ransomware. Other types of cyber insurance coverage include data breach and business interruption coverage.
Bottom Line
While another business expense isn’t something any business owner looks forward to, cyber insurance is too important to ignore. With cyberattacks happening to large and small businesses at an alarmingly frequent rate, the cost of not having cyber liability coverage is too great.
Simply Business is an online digital broker that exists to help small business companies find the right coverage. Among its many offerings is cyber insurance. In ten minutes or less, you can compare quotes online for free. Or, if you have questions, reach out and speak to a dedicated agent.
