Cyber liability insurance protects businesses from losses or damage caused by cyberattacks and data breaches. These expenses can include data restoration, extortion, legal fees, and regulatory fines. Costs vary depending on your risk factors and the coverage you choose, but most small businesses’ annual premiums range from $750 to $8,500.
Insurers like The Hartford will assess your cyber liability coverage needs and provide a customized policy at an affordable price. The streamlined process can take minutes, and you’ll receive a free quote at the end.
What Is Cyber Insurance?
Cyber insurance is a policy designed to help businesses survive data breaches by covering the liability and property losses that follow. Coverage is further split into two categories. First-party cyber insurance coverage pays for costs your business incurs while third-party coverage is for losses your customers or clients incur in a cyberattack.
Small business owners usually need first-party cyber insurance when they store customer data, often in the form of credit card numbers or email addresses, or have proprietary information stored as electronic data. Information technology (IT) businesses that are responsible for safe data storage, such as software developers and database administrators, need third-party coverage.
What First-party Cyber Liability Insurance Covers
First-party cyber liability insurance covers expenses related to data breaches and other cyberattacks on your company. These costs may include:
- Client notification
- Credit monitoring services for your business
- Forensic services to identify the source
- Public relations campaigns and goodwill marketing
- Lost income if your business has to pause operations
- Ransom in the case of cyber extortion
Any business owner who stores, sends, or receives electronic data should consider getting first-party cyber insurance coverage to help pay expenses if a cybercriminal infiltrates their network.
Example: A shopkeeper downloads an application from a phishing email that allows a cybercriminal access to her customers’ credit card information. She files a claim on her first-party cyber insurance coverage that helps her notify her clients of the breach.
What Third-party Cyber Liability Insurance Covers
Third-party cyber liability insurance covers your responsibility for securing your network and is typically triggered by accusations that your business failed to prevent a virus or disclosure of confidential information. Standard cyber liability can also cover accusations that you defamed someone online. If one of these things happens to your business, your insurer pays costs like:
- Attorney’s fees
- Settlements or judgments against your business
- Government fines and penalties
- Defense before regulatory boards
Companies that install or service IT infrastructure for other companies to pay are types of businesses that typically purchase cyber liability insurance, although some tech professionals find coverage in their errors & omissions (E&O) insurance. Other business owners also may need it, including retailers, accountants, and insurance agents.
Example: After the same data breach, the shopkeeper’s customers file a class-action lawsuit. The shopkeeper’s legal fees, including any settlement or judgment, are typically covered by her third-party cyber insurance.
Do Small Businesses Need Cyber Liability Insurance?
Businesses that need cyber liability insurance are not limited to large organizations like Marriott and Microsoft, both of which announced massive data breaches in early 2020. Small- and midsized companies are also at risk. Many cyberattacks are directed specifically at small businesses because they can be more vulnerable, and there’s evidence these attacks are intensifying.
The most recent cyber readiness report from business insurer Hiscox reports of cyberattacks on :
- Small businesses went up from 33% to 47%
- Medium-sized businesses went up 36% to 63%
Moreover, the COVID-19 pandemic may be contributing to an even greater uptick in cybercrime. Insurers are citing the increase in at-home workers, the number of small businesses adding digital services, and an upsurge in phishing attacks impersonating government agencies like the Centers for Disease Control and Prevention (CDC) as areas of concern.
According to Allison Hill, Client Executive at CSDZ, a construction risk management company:
“Don’t assume that your company doesn’t have an exposure just because it’s not obvious. If you allow credit card payments, you have an exposure. If you store data at your location, you have an exposure. If you have email, you have an exposure. There exists no business that is truly immune to the potential of a cyber liability claim. Ultimately, you have the choice to buy insurance or self-insure, but recognizing the potential for loss is the most important element of this process.”
Despite the clear risk to businesses of all sizes and industries, many small business owners lag behind in cybersecurity. This makes cyber liability an essential business insurance policy.
Top Cyber Liability Insurance Providers
Comparing cyber insurance coverage from multiple providers
|Business owners who want broad cyber coverage added to a BOP.|
Reducing costs through cybersecurity training
Industry-specific in-depth risk analysis and assistance
Professional service firms, including accountants, architects, engineers, and lawyers, looking for customizable coverage
Last updated on 04/28/2020.
Cyber insurance is still relatively new. However, the steady rise of cyberattacks and the standardization of coverage has resulted in more insurers carrying products for businesses of all sizes. Small business owners may still have a hard time finding affordable coverage, so our list of top companies include small business specialists and brokers who can quote multiple carriers.
As an online insurance brokerage, CyberPolicy may be the best option for small business owners across a variety of industries. Being a brokerage allows CyberPolicy to get cyber liability quotes from multiple top carriers, including Liberty Mutual and Chubb, through a single, easy-to-use application. Business owners can review quotes on their own or contact an agent for assistance through the platform’s chat function.
Small business owners who want to add a cyber endorsement to their business owner’s policy (BOP) should work with The Hartford. BOPs already combine general liability and commercial property, usually at a reduced rate, and The Hartford includes first-party coverage automatically for electronic data and interruptions to computer operations in its BOP. Four cyber liability insurance endorsements are also available.
Travelers offers small business owners a cyber liability add-on called CyberFirst Essentials. This policy offers $25,000 limits on information security liability coverage and a minimum premium of $150 per year. However, the real standout for Travelers is its cybersecurity resources. Policyholders can use its coaching services, readiness assessments, and training videos to reduce their cyber liability risk. This makes Travelers the top choice for business owners who want to reduce claims to control their cyber insurance costs.
Relation Insurance is the ideal brokerage for business owners who want to work closely with their agent to find the right coverage for their business. The firm’s agents often specialize in an industry to give them a better understanding of their clients’ common risks. They can then provide a comprehensive risk analysis by interviewing key staff, analyzing historical losses and claims, reviewing current policies, and investigating cybersecurity techniques.
CNA is an excellent choice for professionals, including architects, engineers, and lawyers. For these business owners, CNA offers a cyber product called EPS that covers seven commonly covered risks, including network security and business interruption. Professionals can then customize their policies through nine endorsements that cover events like voluntary shutdowns, dependent network failures, and social engineering.
In addition to its broad coverage, CNA’s NetProtect policy covers both electronic data and paper files. This is ideal for business owners who have cyber risks, but who may also keep traditional records.
Cyber Insurance Coverage Options
Carriers often offer endorsements to their cyber insurance coverage that business owners can use to tailor their policies to their unique risks. Some common endorsements include coverage for:
- Computer fraud
- Bricking like damage to hardware
- Identity monitoring for owners, employees, and customers
- Payment Card Industry (PCI) fines
- Vendors and off-site computers
- Paper records
Which coverages your cyber insurance has depends mainly on whether your insurer uses the standard policy and what endorsements it’s willing to offer. In many cases, an insurer may allow you to select from these and other riders, but some carriers may limit their coverage to just a few of these. This is why business owners need to know their options and consider both price and policy terms when selecting cyber insurance coverage.
Cyber Liability Insurance Costs
Cyber insurance costs vary widely, depending largely on how much risk your business faces. Industry plays a large role here because some businesses are more likely to have data that attracts a hacker. But the amount of data matters, too. A small business that stores data but has relatively few customers can expect to pay between $750 and $2,000 per year. Larger businesses with more revenue and more clients might pay up to $8,500 annually.
Cyber Liability Insurance Costs by Industry
Healthcare IT Provider
Small Retail Store
Many small businesses get cyber insurance by adding an endorsement to their BOPs. Those that purchase standalone policies find premiums typically start around $1,000 for a $1 million coverage limit. However, several factors can raise annual premiums to the higher end of the price, around $8,500.
The primary factors impacting cyber insurance costs include:
- Industry: Industries where businesses commonly store personally identifiable information (PII) or personal health information (PHI), such as finance and health, or are responsible for securing their clients’ electronic data, such as information technology (IT), have greater risk of cyberattack.
- Type and amount of records: Storing client data as opposed to your own information requires greater protection. The more PII or PHI you store creates greater risk so that you may need higher coverage limits.
- Annual revenue: Businesses with higher revenue are more likely to be sued after a data breach, so they usually have higher cyber liability insurance costs.
- Policy terms: Selecting higher coverage limits increases your business’s protection, but it also drives your premiums up. Conversely, choosing a higher deductible usually lowers your annual costs.
Standardized cyber liability insurance is relatively new, and some insurers still use their own forms. As a result, terms and premiums can vary greatly. We recommend getting quotes from at least three providers to ensure you find cyber insurance coverage that is both affordable and appropriate for your operations.
Cyber Liability Insurance Frequently Asked Questions (FAQs)
The risk of suffering a data breach is much greater than most small business owners realize. If you’re not sure whether you need cyber liability insurance or which coverage is right for your business, check out our answers to a few of the frequently asked questions below.
Why should I buy cyber insurance?
Small business owners face a much greater threat of data breaches and cyberattacks than most realize. Hackers often take advantage of weak security in small businesses to infiltrate larger companies. Worse? The cost of a cyber incident can be in the tens of thousands for small businesses. Cyber liability insurance helps defray those costs.
How much cyber liability insurance do I need?
As with any insurance policy, you want to get a cyber policy that covers your risk and the costs you might face if the worst happens. That means evaluating all the ways your network might be breached and figuring out what expenses you could be responsible for, such as regulatory fines, new hardware, and legal fees.
What’s the difference between data breach and cyber liability insurance?
Some people use the terms data breach insurance and cyber liability interchangeably. However, data breach insurance often describes first-party coverage, so it only pays your costs when your information is attacked. Cyber liability, on the other hand, covers your costs when you’re accused of causing or allowing a cyber incident for an outside party.
Almost every business is a candidate for cyber insurance coverage. If your business relies on electronic data or stores client personal information, you are at risk. The cost that follows a cyberattack, plus the damage to your reputation can hurt your business. It’s wise to protect what you’ve built by investing in cyber insurance.