Cyber insurance helps protect businesses against losses resulting from cyber attacks or data breaches. Cyber insurance coverage can include data loss and restoration, extortion, legal fees, and more. The cost of cyber insurance depends upon several risk factors but for most small businesses annual premiums will range from $1,000 to $7,500.
If you’re looking for a cyber insurance policy for your business, reach out to The Hartford. Their team of experts will assess your cyber insurance needs, provide a customized policy at an affordable price. Receive a free, no obligation quote in minutes.
Who Needs Cyber Insurance
Businesses that need cyber liability insurance are not limited to giant retailers like Target or credit agencies like Equifax, all of which have experienced massive data breaches in recent years. Small- and mid-sized companies are also at risk. In fact, some cyber attacks are directed specifically at smaller firms because they can be more vulnerable.
According to Allison Hill, Client Executive at Cobb, Decker, Dunphy & Zimmerman:
“Don’t assume that your company doesn’t have an exposure just because it’s not obvious. If you allow credit card payments, you have an exposure. If you store data at your location, you have an exposure. If you have email, you have an exposure. There exists no business that is truly immune to the potential of a cyber liability claim. Ultimately, you have the choice to buy insurance or self-insure, but recognizing the potential for loss is the most important element of this process.”
According to a cyber readiness report compiled by Hiscox, businesses with fewer than 250 employees devote a smaller proportion of their IT budgets to cyber, compared to larger organizations). In a separate report, the Insurance Information Institute (iii) revealed that 28 million small businesses and their 56 million employees are increasingly vulnerable to cybercrime.
Despite the clear risk to small businesses of all sizes and in all industries, most business owners are only starting to educate themselves about their real risk exposures related to cybersecurity. Similarly, many small business insurance companies are still trying to find the best way to underwrite the cyber policies, making education on the part of the small business owner even more important.
Types of Cyber Insurance Coverage
There are several risks and respective coverage types that are associated with cyber insurance. However, the coverages usually fall under two primary types, which can be categorized as either first-party cyber insurance or third-party cyber insurance. First-party coverage is for losses and damage to the business, while third-party coverage is for losses that an outside entity incurs due to a cyber event.
Cyber Security Insurance Coverage Types
|Business Interruption||Loss of business income due to disruption in business caused by a cyber attack||First Party|
|Computer Fraud||Covers the theft of money, securities and other forms of tangible property due to computer fraud and social engineering schemes||First Party|
|Data Breach Insurance||Claims arising from failure to protect personally identifiable information (PII) and protected health information (PHI) of clients. Includes credit monitoring.||First Party & Third Party|
|Property Damage||Replacement cost of computers damaged by a cyber attack||First Party|
|Identity Theft||Covers various expenses related to the business owner or his or her employees being the victim of an identity theft.||First Party|
|Advertising & Personal Injury||Damage caused by defamation or slander on website or social media||Third Party|
|Transmission of Virus or Malicious Content||Failure to stop the transmission of a computer virus or malicious content||Third Party|
|Errors & Omissions||Loss for failure to provide proper network security||Third Party|
It’s important to note that cyber insurance is still largely an uncharted territory in the insurance world. Therefore, you’ll likely see variations in how different insurance companies underwrite, package, and categorize cyber risk exposures and coverages. For example, some insurance companies may package cyber extortion, theft, damage, and business interruption under one coverage category called Network Security.
Cyber liability coverage can be bought as a standalone policy but most insurance companies will offer coverage as add-ons to a business owner’s policy (BOP) or general liability policy. To understand cybersecurity insurance coverage and data breach insurance, especially as they pertain to small- and mid-sized companies, it’s important to understand the difference between first- and third-party coverage.
First-Party vs Third-Party Cyber Insurance
Businesses are wise to know the differences between first-party cyber insurance and third-party cyber liability insurance. First-party coverage protects against financial loss to you, the business owner, and third-party coverage will cover losses to an outside entity, such as your clients or members of the general public, due to an event for which you are liable.
- First-Party Cyber Insurance: This cyber insurance covers claims related to data breaches and other cyber attacks on your company. Because coverage types within this category can be considered costs and responses of the company, they are sometimes referred to as first-party cost coverage or first-party response coverage.
- Third-Party Cyber Insurance: This covers risks to your customers’ data, including data breaches, and is also used by companies that install or service IT infrastructure for other companies. Because coverage types within this category involve defense and liability, this is also referred to as third-party liability coverage or third-party defense and liability. The majority of claim cost will cover legal fees, judgments, and settlements out of court.
For an example of first- and third-party coverages, let’s say The Happy Shopper is a retail firm that suffers a data breach and the credit card information of their clients is stolen. The Happy Shopper would use first-party coverage to compensate for the cost of business interruption and credit monitoring for their customers. Third-party coverage would be used if one of their customers sued them as a result of the data breach.
Now let’s add another layer to the scenario. Cyber-Plus is an IT firm that is responsible for the data security of The Happy Shopper, who then sues Cyber-Plus for not properly managing the security of their customer database. Cyber-Plus would need third-party coverage to cover the claims arising from the damage to their client, The Happy Shopper.
Cyber Insurance Cost
The cost of cyber insurance for small businesses ranges in annual premium from $1,000 for most small businesses, up to $7,500 or more for mid-sized businesses with higher revenue and a greater number of client records. Therefore coverage costs will vary widely, depending upon other factors including industry type, coverage limits, and network security.
Cyber Insurance Cost & Coverage Limit Examples
|Healthcare IT Provider|
|Small Retail Store|
As you can see, small- and mid-sized companies will see their annual premiums average around $1,000 for $1 million coverage limit. However, several contributing factors and risk exposures, including higher revenue and a higher number of personal records kept, could bring annual premiums closer to the national average of $7,500. Small businesses whose primary business is handling larger firms’ data may see costs as high as $40k per year.
Here are the primary factors that will affect the cost of cyber insurance:
- Industry Type: Some industries, such as finance and health, where personally identifiable information (PII) or personal health information (PHI) are stored in data records, are at greater risk of financial loss due to cyber attack compared to most other industries. Also, information technology (IT) companies that are responsible for data security for their clients’ records will need greater liability protection.
- Type and Amount of Records You Store: Storing records of client information, as opposed to your own information, require greater protection. The more PII or PHI you store, the greater risk and thus the greater coverage you’ll need.
- Annual Revenue: Generally higher revenue for the business will translate into higher risk exposure to the business than lower annual revenue.
- Coverage Limits: Higher coverage limits to protect your risk exposures will drive premium costs higher.
Also, note that most major insurance companies combine insurance coverages together into one bundled package. Most importantly, you’ll want to have a good grasp on your exposure to risk before getting quotes on cybersecurity insurance. If you would like to get more accurate estimates based on your needs, we recommend getting quotes from at least three providers to ensure you an affordable price on the coverage you need.
How to Reduce the Cost of Cyber Insurance
Although the cost of cyber insurance is low in relation to the potential financial damages that your business could incur due to a data breach or cyber attack, you don’t want to pay more than necessary for cyber insurance coverage. Fortunately, there are a few impactful ways to reduce the cost of cyber insurance.
Get the Appropriate Coverage for Your Business
As with most insurance types, the cost of cyber insurance can be reduced by not buying more insurance than you need. For example, if your business doesn’t keep digital records of your clients’ personal information, third-party liability coverage may not be needed. However, first-party coverage types, such as business interruption and property damage will be needed.
Self-Insure With Higher Deductibles
Higher deductibles mean lower premium costs. Once you and your insurance agent or broker determine your greatest risk exposures, you’ll want to think of how much financial responsibility your business can afford and adjust your deductibles to the highest level you can pay in the event of a data breach or cyber attack.
Bundle Insurance Coverage Into One Package
Insurance companies are like most other businesses: they want all of your business and they are willing to reduce the total cost for their clients when several products are purchased. For example, ask about bundling your insurance into a business owners’ policy (BOP) and add cyber insurance coverage into the package. This will reduce your overall cost.
Limit the Risk of Cyber Attack
Cyber insurance is a good investment for mitigating the cost of a cyber attack after it has already occurred. However, taking proactive measures can significantly reduce the odds of being victimized by a cyber attack or data breach and you may be able to reduce the cost of your cyber insurance at the same time.
According to Tom L. Santamorena, Abe Insurance:
“Even if you don’t currently have the resources to bring in an outside expert to test your computer systems and make security recommendations, there are simple, economical steps you can take to reduce your risk of falling victim to a costly cyber attack.”
The 10 steps to reduce the risk of cyber attack are:
- Install, use and regularly update antivirus and antispyware software on every computer used in your business.
- Use a firewall for your Internet connection.
- Download and install software updates for your operating systems and applications as they become available.
- Make backup copies of important business data and information.
- Control physical access to your computers and network components.
- Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace make sure it is secure and hidden.
- Require individual user accounts for each employee.
- Limit employee access to data and information, and limit authority to install software.
- Regularly change passwords.
- Train employees in cybersecurity principles.
Where to Get Cyber Insurance
You can get cyber insurance through an insurance agent or insurance broker. Agents typically represent one agency, whereas brokers may represent multiple agencies and they may have broader knowledge compared to agents. Also, make sure the insurance company you choose is highly knowledgeable of the cybersecurity insurance market and capable of helping you implement proactive protections.
1. Insurance Agents
When searching for cyber insurance through an agent, you are typically dealing directly with one insurance company. Specifically, a captive agent only offers products from the insurance company they represent. Independent agents represent multiple insurers. Keep this in mind and be sure to get quotes from at least three different insurance companies to get a good idea of the right coverage at the right price for you.
2. Insurance Brokers
Insurance brokers represent you, the client, and can get quotes from multiple insurance companies. This means a broker can help you find the best cyber insurance coverage for you by searching the marketplace for the best value at top-rated agencies. When selecting a broker, be sure to find one that has experience working with several different insurance companies with knowledge of your industry.
Getting the ideal cyber insurance for your business can be a relatively simple process if you’re working with the right insurance agency. During your search for the best policy, be sure to speak to a reputable insurance agency. Find an agent who’s pricing is competitive and who offer a free quote. We recommend getting at least 3 quotes before making a purchase.
According to Jeff Somers, President, Insureon:
“Brokers also have an opportunity to steer customers towards appropriate cyber security software solutions and to recommend best practices with regards to information protection, network security and employee training.”
How to Get Cyber Insurance
When shopping for cyber insurance, it’s smart to get at least three quotes from different insurance agencies. You can get quotes directly from the agencies through their respective agents. But an insurance broker with access to several agencies can shop policies for you and help in the process of selecting the best cyber insurance for you.
Here are the two steps to get cyber insurance:
1. Gather Your Information
Before applying for cyber insurance, and to get the most accurate quotes on rates and coverage limits, you’ll need to provide as much information as you can up front. This information will help determine your cyber risk exposures and the appropriate coverage limits, which will help determine how much you’ll pay in premium.
Here’s the information to have ready before applying:
- Business contact information
- Annual revenue (financial statements)
- Number of PII (personally identifiable information) records you store
- Number of PHI (personal health information) records you store
- Products you sell or provide to your clients
- Claims history (at least the past 3 years)
- Network security protections, policies, and procedures
The industry you are in will be a big factor for the annual premium because insurance companies know that some industries are more vulnerable to cyber attack than others. The annual revenue of your company is a leading factor because higher revenue makes you a greater target for cybercriminals. Similarly, more client records increase risk and premium.
2. Find a Broker & Apply
Insurance brokers typically work with several different insurance agencies, which means they can find the best insurance company to fit your needs. Using a broker may add some additional costs to your premium but they can show value by shopping for competitive rates and by sharing their knowledge and experience with you.
Cyber insurance has been described as The Wild West of insurance because it is relatively new to the marketplace and there are no industry-wide standards in place, as with the conventional coverage types, such as commercial liability insurance. Therefore, it’s wise to begin your search for cyber insurance by getting several quotes to make sure you have the coverage you need at a reasonable price.
Almost every business is a candidate for cyber insurance. If your business relies on information technology or stores client personal information, you are at risk. Loss of income, high legal fees, and damage to your reputation can be detrimental to your business. It’s wise to protect what you’ve built by investing in cyber insurance.
Whether they think they are at risk of a cyber attack or not, every business owner, should speak with an expert to discuss risk exposures to their business. We recommend talking to the experts at The Hartford. They can provide your business with a free, no obligation quote in minutes.