FitSmallBusiness
Fit Small Business content and reviews are editorially independent. We may make money when you click on links to our partners. Learn More.

Insurance | Ultimate Guide

Cyber Liability Insurance: Cost & Coverage in 2023

Nathan Weller

WRITTEN BY: Nathan Weller

Published November 18, 2022

Nathan Weller is an Insurance Expert focusing on insurance for small business. He has 15 years experience in insurance operations, FNOL, and claims handling.

Table of Contents
  1. 1 Cost
  2. 2 Coverage
  3. 3 Data Breach Insurance vs Cyber Liability Insurance
  4. 4 Bottom Line

If your business is the victim of a cyberattack, you have to deal with costly expenses from data restoration, investigations, customer notifications, regulatory fines, and legal fees, among others. Cyber liability insurance can help mitigate the cost of the incident and provide legal counsel and defense. The estimated premiums for a cyber liability policy range from $250 to $2,287 annually.

Because of the risk involved with a cyberclaim, it helps to speak with an insurance professional. The Hartford can assess your business and cyber insurance needs and design a customized policy.

Cyber Liability Insurance Cost

Like all insurance, costs can have a wide range largely dependent on the level of risk of your industry and other factors, like your claims history. A small handyperson business with little customer data stored can expect to pay less than a small accounting firm that stores personal identifiable information (PII) for all of its customers.

Business
Annual Revenue
Coverage Amount
Average Premium
Restaurant
$450,000
$1 million with $5,000 deductible 
$250 to $2,287
Retail
$350,000
$1 million with $2,500 deductible
$575 to $1,405
Information Technology (IT) Consulting
$400,000
$1 million with $5,000 deductible
$800 to $2,229
Ecommerce Business
$200,000
$1 million with $5,000 deductible
$250 to $2,220

When getting a quote, be prepared to answer questions like:

  • Data storage: Does your business store PII or personal health information (PHI)? If so, then what type of security measures do you have in place to protect the data?
  • Annual revenue: Do you operate a high-revenue (and thus, high-risk) business, wherein customers may be at a greater risk of a breach?
  • Policy terms: How wide do you need your coverage to be? Are you looking to get a policy with higher limits or lower deductibles?
  • IT security: Do you have your own in-house IT department, or do you contract with a third party to run IT and IT security for your business?
  • Data breach: Have you had any known data breaches in the past five years?
  • Protection: What steps, like multifactor authentication (MFA) or data backup, does your business take to protect your data?

Questions like these will help the insurer determine the risk of your business and provide an accurate premium for the right cyber coverage.

Cost of a Cyber Liability Claim

The insurer Hiscox conducts a yearly Cyber Readiness Report™ that involves a global survey of 5,000 professionals who handle cybersecurity for their businesses, including more than 900 from the United States. The results highlight the serious threat of cyberattacks and the importance of cyber liability coverage.

  • Cyberattacks have increased by 7% since 2021
  • Roughly 47% of all US businesses have suffered a cyberattack in the past 12 months
  • The median cost of an attack has increased from $10,000 to $18,000 this year

Cybersecurity is so important that US businesses are more concerned about an attack than the COVID-19 pandemic or the US labor shortage.

Cyber Insurance Coverage

Coverage is usually divided into two categories: first-party and third-party. Because the loss is usually digital in nature, the categories are different from a typical commercial property and general liability policy. A cyber insurance policy helps pay the cost of an investigation or a credit monitoring service.

First-party cyber liability insurance covers the expenses from a data breach that your business incurs to investigate the loss and notify anyone impacted. These costs can include:

  • Incident response: Usually includes lawyers, IT professionals, and possibly a public relations (PR) firm
  • Forensic investigation: An independent examination to determine the scope and impact of the event
  • Notification: Most states require you to notify customers when there is a data breach.
    Notification methods may include:

    • A call center set up to answer any questions
    • If the compromised data falls under Health Insurance Portability and Accountability Act (HIPAA) guidance, the notification must be done through snail mail and will involve printing and postage expenses
  • Business interruption coverage: If the breach pauses your business operations
  • Extortion or ransomware: Expenses to regain control of your business

Third-party is a liability coverage protecting your business from accusations of negligence that caused harm to other parties. The insurer can provide protection for losses, such as:

  • Attorney fees
  • Fines and penalties; government and private entities, such as the Payment Card Industry (PCI), can fine your business if it is determined your actions contributed to the data breach
  • Settlements or judgments against your business

Although many general and professional liability policies have a form of cyber coverage, business owners need to consider more comprehensive first-party cyber insurance because of the costs involved in investigating the loss and paying to notify anyone affected by the attack. If your business is in the IT or healthcare sector, you’re especially at risk for a costly loss.

Let’s say your staffing agency suffers a cyberattack and personnel records, including PII, are obtained and leaked on the internet. First-party cyber liability policy coverage can help you hire an independent forensics expert to determine the extent and impacted parties, pay notification costs to the impacted parties, fund a goodwill campaign for your brand, and help mitigate the lost income while business operations are paused. If the temporary employees file a class action lawsuit, the third-party coverage will help your business retain counsel and attempt to negotiate a settlement within the limits of the policy.

Coverage Options

Many small businesses can get cyber insurance as a standalone policy or by adding it as an endorsement to their business owner’s policy (BOP). Insurers offer different levels and types of coverage, as well as endorsements to make the policy right for your business.

Some common endorsements include:

  • Computer fraud
  • Damage to hardware
  • PCI fines
  • Vendors and off-site computers
  • Paper records

If your business is now remote, ensure the policy you have in place doesn’t need any additions or changes for a remote workforce. Because business needs change, it’s always a good idea to review your policy and coverages with your carrier annually.

Data Breach Insurance vs Cyber Liability Insurance

You may think these are the same—but that isn’t necessarily true. Data breach insurance can be narrower in scope and focused more on the cost and expenses of compromised data, such as if an employee leaves a laptop on the subway. Meanwhile, cyber liability is usually broader in coverage, including the cost of ransomware and extortion and business income. Many carriers make a distinction between the two and, like The Hartford, offer separate policies for both.

Bottom Line

The world is increasingly digital, and even brick-and-mortar businesses rely on the internet and cloud storage to ensure their operations run smoothly. Cyber liability insurance protects your business from losses or damage from cyber-attacks and data breaches.

The Hartford is a superb choice for your cyber insurance needs, with its cyber liability policies for small and larger businesses. Visit its website today to find out how it can help you protect your business.

About the Author

Nathan Weller

Find Nathan OnLinkedIn

Nathan Weller

Nathan Weller is a subject matter expert at Fit Small Business focusing on commercial insurance. He has 15 years of experience in insurance: operations, FNOL, and claims handling. In between his time working at different insurance carriers, he also spent 8 years running a small, non-profit organization. Nathan understands the small business daily operations as well as the complexities of insurance.