Cyber Liability Insurance: Cost, Coverage & Who Needs It
Virginia has extensive experience writing about insurance and finance for a number of online platforms. She brings this expertise to business insurance and life insurance content across Fit Small Business.
Cyber liability insurance protects businesses from losses or damage caused by cyberattacks and data breaches. These expenses can include data restoration, extortion, legal fees, and regulatory fines. Costs vary depending on your risk factors and the coverage you choose, but small businesses with moderate risk can usually pay between $900 and $1,200 per year for cyber insurance.
Insurers like The Hartford can assess your cyber insurance needs and provide a customized policy at an affordable price. The streamlined process takes minutes, and you receive a free quote at the end.
What Is Cyber Insurance?
Cyber insurance is a policy designed to help businesses survive data breaches by covering the liability and property losses that follow. Coverage is typically split into two categories: First-party and third-party coverage. First-party cyber insurance coverage pays for costs your business incurs while third-party coverage is for losses your customers or clients incur in a cyberattack.
While many general liability and professional liability policies include a limited amount of cyber insurance coverage, small business owners may need additional first-party cyber insurance if they store customer data, often in the form of credit card numbers or email addresses, or have proprietary information stored as electronic data. Information technology (IT) businesses that are responsible for safe data storage, such as software developers and database administrators, need third-party coverage.
What First-party Cyber Liability Insurance Covers
First-party cyber liability insurance covers expenses related to data breaches and other cyberattacks on your company. These costs may include:
- Client notification
- Credit monitoring services for your business
- Forensic services to identify the source
- Public relations campaigns and goodwill marketing
- Lost income if your business has to pause operations
- Ransom in the case of cyber extortion
Any business owner who stores, sends, or receives electronic data should consider getting first-party cyber insurance coverage to help pay expenses if a cybercriminal infiltrates their network.
Example: A shopkeeper downloads an application from a phishing email that gives a cybercriminal access to her customers’ credit card information. She files a claim on her first-party cyber insurance coverage that helps her notify her clients of the breach.
What Third-party Cyber Liability Insurance Covers
Third-party cyber liability insurance covers your responsibility for securing your network and is typically triggered by accusations that your business failed to prevent a virus or disclosure of confidential information. Standard cyber liability can also cover accusations that you defamed someone online. If one of these things happens to your business, your insurer pays costs like:
- Attorney’s fees
- Settlements or judgments against your business
- Government fines and penalties
- Defense before regulatory boards
Companies that install or service IT infrastructure for other companies to pay are types of businesses that typically purchase cyber liability insurance, although some tech professionals find coverage in their professional liability insurance. Other business owners also may need it, including retailers, accountants, and insurance agents.
Example: After the same data breach, the shopkeeper’s customers file a class action lawsuit. The shopkeeper’s legal fees, including any settlement or judgment, are typically covered by her third-party cyber insurance.
Cyber Insurance Coverage Options
Business owners can usually get endorsements to tailor their cyber insurance policies to their operations and unique risks. Some common endorsements include coverage for:
- Computer fraud
- Damage to hardware
- Identity monitoring for owners, employees, and customers
- Payment Card Industry (PCI) fines
- Vendors and off-site computers
- Paper records
The coverages your cyber insurance has depends mainly on whether your insurer uses the standard policy and what endorsements it’s willing to offer. In many cases, an insurer may allow you to select from these and other riders, but some carriers may limit their coverage to just a few of these. This is why business owners need to know their options and consider both price and policy terms when selecting cyber insurance coverage.
Data Breach Insurance vs Cyber Liability Insurance
People often use the terms data breach and cyber insurance interchangeably, but that can be risky. Many carriers make distinctions between the two, and a number of them recommend data breach insurance for small businesses because it often covers any situation where data is lost or stolen. The Hartford, for example, offers data breach insurance that covers data lost when a laptop is misplaced or when a criminal hacks into your network. Cyber liability generally only covers data compromised through internet attacks.
Do Small Businesses Need Cyber Liability Insurance?
Cyber liability insurance is not just for large organizations like Marriott and Microsoft, both of which announced massive data breaches in early 2020. Small and midsized companies are also at risk. Hackers often specifically target small businesses because these organizations are more vulnerable. Unfortunately, Hiscox’s Cyber Readiness Report showed the median cost of cyber events is $57,000, which is six times what it was in 2019.
The report also breaks down the median cost by business size:
- 1 to 9 employees: $7,000
- 10 to 49 employees: $17,000
- 50 to 249 employees: $50,000
- 250 to 999 employees: $133,000
- 1,000+ employees: $504,000
Moreover, the COVID-19 pandemic may be contributing to an even greater uptick in cybercrime. Insurers cite the increase in at-home workers, the number of small businesses adding digital services, and an upsurge in phishing attacks impersonating government agencies like the Centers for Disease Control and Prevention (CDC) as areas of concern. Even worse? The increase in remote workers may make it harder to identify and contain a breach quickly.
According to Allison Hill, client executive at CSDZ, a construction risk management company:
“Don’t assume that your company doesn’t have an exposure just because it’s not obvious. If you allow credit card payments, you have an exposure. If you store data at your location, you have an exposure. If you have email, you have an exposure. There exists no business that is truly immune to the potential of a cyber liability claim. Ultimately, you can choose to buy insurance or self-insure, but recognizing the potential for loss is the most important element of this process.”
Despite the clear risk to businesses of all sizes and industries, many small business owners lag behind in cybersecurity. This makes cyber liability an essential business insurance policy.
Cyber Liability Insurance Costs
Cyber insurance costs vary widely, depending largely on how much risk your business faces. Industry plays a large role here because some businesses are more likely to have data that attracts hackers. But the amount of data matters too. Small businesses that store data but have relatively few customers can expect to pay between $700 and $9000 per year. Larger businesses with more revenue and more clients might pay up to $8,500 annually. Overall, a study by AdvisorSmith places the average cost of cyber insurance at $1,485 per year.
Cyber Liability Insurance Costs by Industry
Business | Annual Revenue | Coverage Amount | Typical Annual Premium |
|---|---|---|---|
Healthcare IT Provider | $500,000 | $1 million | $1,000 to $2,500 |
Healthcare Clinic | $400,000 | $1 million | $1,200 to $3,000 |
Certified Public Accountant (CPA)/Tax Preparation | $100,000 | $1 million | $1,200 to $3,000 |
Small Retail Store | $250,000 | $1 million | $1,000 to $2,500 |
Many small businesses get cyber insurance by adding an endorsement to their business owner’s policies (BOPs). Those that purchase standalone policies find premiums typically start around $1,000 for a $1 million coverage limit. However, several factors can raise annual premiums to the higher end of the price, around $8,500.
The primary factors impacting cyber insurance costs include:
- Industry: Industries where businesses commonly store personally identifiable information (PII) or personal health information (PHI), such as finance and health, or are responsible for securing their clients’ electronic data, including information technology (IT), have a greater risk of cyberattack.
- Type and amount of records: Storing client data as opposed to your own information requires greater protection. The more PII or PHI you store creates greater risk, so you may need higher coverage limits.
- Annual revenue: Businesses with higher revenue are more likely to be sued after a data breach, so they usually have higher cyber liability insurance costs.
- Policy terms: Selecting higher coverage limits increases your business’s protection, but it also drives your premiums up. Conversely, choosing a higher deductible usually lowers your annual costs.
Standardized cyber liability insurance is relatively new, and some insurers still use their own forms. As a result, terms and premiums can vary greatly. We recommend getting quotes from at least three providers to ensure you find cyber insurance coverage that is both affordable and appropriate for your operations.
Top Cyber Liability Insurance Providers
Provider | Best For |
|---|---|
Comparing cyber insurance coverage from multiple providers | |
Business owners who want broad cyber coverage added to a BOP | |
Reducing costs through cybersecurity training | |
Industry-specific in-depth risk analysis and assistance | |
Professional service firms, including accountants, architects, engineers, and lawyers, looking for customizable coverage |
Cyber insurance is still relatively new. However, the steady rise of cyberattacks and the standardization of coverage has resulted in more insurers carrying products for businesses of all sizes. Small business owners may still have a hard time finding affordable coverage, so our list of top companies include small business specialists and brokers who can quote multiple carriers.
CyberPolicy
As an online insurance brokerage, CyberPolicy may be the best option for small business owners across a variety of industries. Being a brokerage allows CyberPolicy to get cyber liability quotes from multiple top carriers, including Liberty Mutual and Chubb, through a single, easy-to-use application. Business owners can review quotes on their own or contact an agent for assistance through the platform’s chat function.
The Hartford
Small business owners who want to add a cyber endorsement to their BOP should work with The Hartford. BOPs already combine general liability and commercial property, usually at a reduced rate, and The Hartford includes first-party coverage automatically for electronic data and interruptions to computer operations in its BOP. Four cyber liability insurance endorsements are also available.
Travelers
Travelers offers small business owners a cyber liability add-on called CyberFirst Essentials. This policy offers $25,000 limits on information security liability coverage and a minimum premium of $120 per year. However, the real standout for Travelers is its cybersecurity resources. Policyholders can use its coaching services, readiness assessments, and training videos to reduce their cyber liability risk. This makes Travelers the top choice for business owners who want to reduce claims to control their cyber insurance costs.
Relation Insurance
Relation Insurance is the ideal brokerage for business owners who want to work closely with their agent to find the right coverage for their business. The firm’s agents often specialize in an industry to give them a better understanding of their clients’ common risks. They can then provide a comprehensive risk analysis by interviewing key staff, analyzing historical losses and claims, reviewing current policies, and investigating cybersecurity techniques.
CNA
CNA is an excellent choice for professionals, including architects, engineers, and lawyers. For these business owners, CNA offers a cyber product called EPS Plus that covers seven common risks, including network security and business interruption. Professionals can then customize their policies through nine endorsements that cover events like voluntary shutdowns, dependent network failures, and social engineering.
In addition to its broad coverage, CNA’s EPS Plus policy covers both electronic data and paper files. This is ideal for business owners who have cyber risks, but who may also keep traditional records.
Cyber Liability Insurance Frequently Asked Questions (FAQs)
The risk of suffering a data breach is much greater than most small business owners realize. If you’re not sure whether you need cyber liability insurance or which coverage is right for your business, check out our answers to a few of the commonly asked questions below.
Why should I buy cyber insurance?
Small business owners face a much greater threat of data breaches and cyberattacks than most realize. Hackers often take advantage of weak security in small businesses to infiltrate larger companies. What’s worse? The cost of a cyber incident can be in the tens of thousands for small businesses. Cyber liability insurance helps defray those costs.
How much cyber liability insurance do I need?
As with any insurance policy, you want to get a cyber policy that covers your risk and the costs you might face if the worst happens. That means evaluating all the ways your network might be breached and figuring out what expenses you could be responsible for, such as regulatory fines, new hardware, and legal fees.
What isn’t covered by cyber liability insurance?
Cyber insurance coverage typically doesn’t pay for a loss in value if hackers steal your intellectual property, nor does it cover lost profits. Most also don’t pay for system upgrades after a cyber event, PCI fines, or reputational damage without an endorsement for the additional coverage.
Bottom Line
Almost every business is a candidate for cyber insurance coverage. If your business relies on electronic data or stores client personal information, you are at risk. The cost that follows a cyberattack, plus the damage to your reputation can hurt your business. It’s wise to protect what you’ve built by investing in cyber insurance.
