FitSmallBusiness
Fit Small Business offers unbiased, editorially independent content and reviews. We may earn money from partner links. Learn More.

Insurance | Ultimate Guide

Cyber Liability Insurance: Cost & Coverage

Published December 18, 2023

Published Dec 18, 2023

Nathan Weller

WRITTEN BY:
Nathan Weller

TABLE OF CONTENTS

If your business is the victim of a cyberattack, you will have to deal with costly expenses, such as paying for data restoration, investigations, customer notifications, regulatory fines, and legal fees. Cyber liability insurance can help mitigate the cost of the incident and provide legal counsel and defense. Cyber insurance premiums can range from $250 to $2,287 annually.

Cyber Liability Insurance Cost

Like all insurance, cyber liability insurance costs can have a wide range, which depends on several factors, such as the level of risk of your industry or your claims history. For example, a small handyperson business with little customer data stored can expect to pay less than a small accounting firm that stores personal identifiable information (PII) for all of its customers.

Business
Annual Revenue
Coverage Amount
Estimated Average Premium
Restaurant
$450,000
$1 million with $5,000 deductible
$250 to $2,287
Retail
$350,000
$1 million with $2,500 deductible
$575 to $1,405
Information Technology (IT) Consulting
$400,000
$1 million with $5,000 deductible
$800 to $2,229
Ecommerce Business
$200,000
$1 million with $5,000 deductible
$250 to $2,220

Providers assess the risk of insuring a business with cyber liability differently than they would other types of coverage, so the questions are different, too. In addition to the usual questions insurers ask, providers will be interested in parts of your business like:

  • Data storage: Does your business store PII or personal health information (PHI)? If so, then what type of security measures do you have in place to protect the data?
  • Annual revenue: Do you operate a high-revenue (and thus, high-risk) business, wherein customers may be at a greater risk of a breach?
  • Policy terms: How wide do you need your coverage to be? Are you looking to get a policy with higher limits or lower deductibles?
  • IT security: Do you have your own in-house IT department, or do you contract with a third party to run IT and IT security for your business?
  • Data breach: Have you had any known data breaches in the past five years?
  • Protection: What steps, such as multifactor authentication (MFA) or data backup, does your business take to protect your data?

Questions such as these will help the insurer determine the risk of your business and provide an accurate premium for the right cyber coverage.

What Cyber Insurance Covers

Despite the name implying it is for liability, cyber liability insurance coverage is usually divided into two categories: first party and third party. Because the loss is usually digital in nature, the categories differ from a typical commercial property and general liability policy. A cyber insurance policy helps pay the cost of an investigation or a credit monitoring service.

First-party cyber liability insurance covers the expenses from a data breach that your business incurs to investigate the loss and notify anyone impacted. These costs can include:

  • Incident response: Usually includes lawyers, IT professionals, and possibly a public relations (PR) firm
  • Forensic investigation: An independent examination to determine the scope and impact of the event
  • Notification: Most states require you to notify customers when there is a data breach.

Notification methods may include:

    • A call center set up to answer any questions
    • If the compromised data falls under Health Insurance Portability and Accountability Act (HIPAA) guidance, the notification must be done through snail mail and will involve printing and postage expenses
  • Business interruption coverage: If the breach pauses your business operations
  • Extortion or ransomware: Expenses to regain control of your business

Third-party is a liability coverage protecting your business from accusations of negligence that caused harm to other parties. The insurer can provide protection for losses, such as:

  • Attorney fees
  • Fines and penalties; government and private entities, such as the Payment Card Industry (PCI), can fine your business if it is determined your actions contributed to the data breach
  • Settlements or judgments against your business

Although many general and professional liability policies have a form of cyber coverage, business owners need to consider more comprehensive first-party cyber insurance because of the costs involved in investigating the loss and paying to notify anyone affected by the attack. If your business is in the IT or healthcare sector, you are especially at risk for a costly loss.

Let’s say your staffing agency suffers a cyberattack and personnel records, including PII, are obtained and leaked on the internet:

  • First-party cyber liability policy coverage can help you hire an independent forensics expert to determine the extent and impacted parties, pay notification costs to the impacted parties, fund a goodwill campaign for your brand, and help mitigate the lost income while business operations are paused.
  • If the temporary employees file a class action lawsuit, the third-party coverage will help your business retain counsel and attempt to negotiate a settlement within the limits of the policy.

Coverage Options

Many small businesses can get cyber insurance as a standalone policy or by adding it as an endorsement to their business owner’s policy (BOP). Insurers offer different levels and types of coverage as well as endorsements to make the policy right for your business.

Some common insurance endorsements include:

  • Computer fraud
  • Damage to hardware
  • Payment Card Industry (PCI) fines
  • Vendors and off-site computers
  • Paper records

If your business is now remote, it is important to review the policy you have in place to check that it doesn’t need any additions or changes for a remote workforce. Because business needs change, it is always a good idea to review your policy and coverages with your carrier annually.

Why You Need Cyber Liability Insurance

Cyberattacks continue to be in the news; even municipalities, such as the Minneapolis Public School System or the City of Dallas, suffer ransomware attacks. Consider these recent statistics regarding the frequency and cost of cyberattacks and the importance of having cyber insurance coverage:

  • The costs of ransomware recovery are an average of nearly $2 million, with the average cost of a ransom paid at $170,404 (Sophos).
  • Between 2020 and 2021, the number of organizations paying the ransom in a ransomware attack increased from 26% to 32% (Sophos).
  • In 2023, nearly 73% of businesses worldwide reported being victimized by ransomware attacks. This is up from 55% in 2018 (Statista).

Ransomware attacks are not the only costs a small business may face if it suffers a cyberattack. The costs of data breaches continue to rise:

  • In 2023, the cost of data breaches on a company hit an all-time high of $4.45 million. This is an increase of approximately $100,000 since 2022. However, small businesses with fewer than 500 employees saw the cost of data breach increase much more substantially from $2.92 million to $3.31 million or 13.4% (IBM).

Also, cybercrime isn’t just directed toward large, enterprise organizations:

  • 43% of cyberattacks target small businesses. However, the reality may be worse. A separate study found that in the past 12 months, 66% of small businesses had experienced a cyberattack. The reason cyber liability insurance is so important is revealed in the frightening statistic that only 14% are prepared (Embroker).

Small companies with 10 or fewer employees are, unfortunately, suffering cyberattacks too:

  • Over the course of three years, cyberattacks have increased by 36% (Hiscox).
  • Small businesses are beginning to see the importance of protection. In 2023, the median budget for cybersecurity was $8,100 for companies with one to nine employees (Hiscox).

How To Buy Cyber Liability Insurance

You can purchase cyber liability in a variety of ways. Many small business insurance companies now offer cyber liability, so you can reach out to them directly. You can also contact a local insurance agent for assistance in purchasing a policy. You can also reach out to a broker working with multiple companies to shop around for a policy.

If you’re ready to purchase cyber insurance coverage, we’ve done the research to find the best cyber liability insurance companies.

Data Breach Insurance vs Cyber Insurance Coverage

You may think these are the same—but that is not necessarily true. Data breach insurance can be narrower in scope and focused more on the cost and expenses of compromised data, such as if an employee leaves a laptop on the subway.

Meanwhile, cyber liability is usually broader in coverage, including the cost of ransomware and extortion and business income. Many carriers distinguish between the two and, like The Hartford, offer separate policies for both.

Frequently Asked Questions (FAQs)

General liability is a liability coverage that protects your business premises from claims of bodily injury or property damage made by third parties (non-employees). It also provides protection from claims of harm from personal injury or advertising from your business. Meanwhile, cyber liability provides assistance and protection to your business in the event that you suffer a loss related to a cyber incident, whether that is a data breach and accompanying expenses or fines associated with a loss.

Cyber liability and crime insurance are very different coverages, with crime insurance helping your business if it suffers a loss from a crime from your employees or outside entities. Cyber liability, on the other hand, protects your business from data or cyber loss and its accompanying expenses.

Cyber liability doesn’t cover damage to the property your business owns nor does it help any of your employees if they become injured or ill because of the job. For those types of losses, you would need commercial property and workers’ compensation. Cyber liability also doesn’t help your business if your advice leads to harm or a financial loss to a third party—for that, you would need professional liability.

The monthly cost of cyber liability can vary from $20 to $191 a month. The cost depends on the industry, safeguards you have in place for cyber security, claims history, and business size. A larger business with a significant cyber presence or one that stores a lot of personal identifying information should expect to have a higher premium than a smaller business in a low-risk industry.

Bottom Line

The world is increasingly digital, and even brick-and-mortar businesses rely on the internet and cloud storage to ensure their operations run smoothly. Cyber liability insurance protects your business from losses or damage from cyber-attacks and data breaches.

The Hartford is a superb choice for your cyber insurance needs, with cyber liability policies for small and large businesses. Find out how it can help you protect your business.

Visit The Hartford

About the Author

Nathan Weller

Find Nathan OnLinkedIn

Nathan Weller

Nathan Weller is a subject matter expert at Fit Small Business focusing on commercial insurance. He has 15 years of experience in insurance: operations, FNOL, and claims handling. He also helped build a claims department at an insurance start-up. In between his time working at different insurance carriers, he spent 8 years running a small, non-profit organization. Nathan understands the small business daily operations as well as the complexities of insurance.