What Is Cyber Insurance? The Complete Guide
Your business suffers a data breach. Do you have a recovery plan?
When you think of insurance, you normally think of policies that cover homes, cars, and lives. However, in the 21st century, people and businesses need to think about more than their physical assets.
Data breaches, ransomware, and phishing attacks are more common than ever, and the consequences can be costly, not just in money but also in lost customers and a damaged reputation. Cyber insurance can help. But what is it, exactly?
What Is Cyber Insurance?
Although businesses use cyber insurance more commonly, cyber insurance is available for both personal use and business use. Let’s break down what each type really means.
Personal Cyber Insurance
Personal cyber insurance is an insurance policy, often included in or added on to homeowners insurance, that covers cybercrimes like extortion, cyberbullying, cyberattacks, and data breaches. Also called “cyberattack insurance,” cyber insurance may include these services:
- Fraud specialists and restoration services, not unlike identity theft restoration
- Cyber monitoring, similar to dark web monitoring and credit monitoring
- The replacement or repair of electronic data, financial documents, or documents that contain personally identifiable information (PII)
Business Cyber Insurance
Business cyber insurance is a type of insurance that covers businesses’ liability for data breaches that involve sensitive information such as:
- Account numbers
- Credit card numbers
- Driver’s license numbers
- Health records
- Social Security numbers
Cyber Liability vs. Data Breach Insurance
Business cyber insurance may include cyber liability, data breach insurance, or both. An insurer called The Hartford, for example, divides the two into separate policies, although there is some overlap in the cyber insurance coverage.
- Cyber liability insurance: Better for larger businesses, cyber liability insurance covers financial losses from cyberattacks, privacy investigations, or tech-related lawsuits. That can include legal insurance, notification expenses, extortion payments for ransomware, lost income from network outages, and state or federal fines. Learn more about your state’s data breach notification and customer data privacy laws in our data privacy guide.
- Data breach insurance: Ideal for smaller businesses, data breach insurance helps businesses respond if PII is lost or stolen. That means notifying any affected customers, patients, or employees; hiring a PR firm to salvage the company’s reputation; and giving the breach victims credit monitoring services. Businesses can customize their policies by adding income/expense coverage, prior acts coverage for breaches that happened before policies’ start dates, and extortion coverage.
TIP: While small businesses should get data breach insurance, cyber liability insurance is better for large businesses.
Who Needs Cyber Insurance?
An easier question to answer would be, who doesn’t need cyber insurance?
Anyone who wants to protect themselves against cyberattacks and data breaches should consider buying cyber insurance, either on its own or as a homeowners insurance add-on. Small and large businesses should also invest in cyber insurance if they collect, send, receive, or store PII or PHI (protected health information).
Cyber insurance is especially important for companies in the healthcare, finance, and education industries, which have federal data privacy guidelines in the U.S. Essentially, if you could fall victim to a cyberattack, it’s best to have cyber insurance.
Why You Need Cyber Insurance
There are many reasons why individuals and businesses need cyber insurance, some of which overlap.
- To prevent identity theft: Identity theft can happen to individuals and businesses alike. Even with the best identity theft protection services, data breaches can result in identity theft for families and child identity theft. If you have personal data stolen, cyber insurance can help you retrieve it and protect yourself against identity theft.
- To reimburse financial losses: After you’ve hit your deductible, cyber insurance can make up for funds lost in ransomware attacks, identity theft, etc.
- To recover from cyberattacks and cyberbullying: Unlike identity theft protection, personal cyber insurance covers many types of cyberattacks, such as cyberbullying. This coverage could include reimbursing customers for lost wages or offering private tutoring for cyberbullying victims.
- To recover from data breaches: Data breaches can cause lawsuits; financial losses; loss of productivity, customers, and intellectual property; and damage to a business’s reputation. In 2020, the average cost of a data breach in the U.S. landed at $3.86 million, while it took businesses an average of 280 days to identify and contain data breaches.[1] Cyber insurance helps businesses recover from data breaches sooner and reimburses them for lost funds.
- To recover from online vandalism: Sometimes, a cyberattack means vandalism to a business’s website, further damaging its reputation.[2] Cyber insurance can assist here in a similar way to its data breach reimbursement.
What Cyber Insurance Covers
What cyber insurance actually covers differs for personal vs. business policies.
If you buy cyber insurance for personal use, it will cover these areas:
- Cyberattacks: The insurer will remove viruses and reprogram electronic devices, including smart home devices and security systems.
- Cyberbullying: We don’t usually think of cyberbullying as it relates to financial losses, even though our cyberbullying research has shown us that it affects 1 in 5 kids. However, if you’ve been wrongfully terminated, received discipline from school, had deductions from your wages, or had to pay a lawyer or private tutor as a result of cyberbullying, cyber insurance could reimburse you for these costs.
- Cyber extortion: Ransomware is a malware attack in which the hacker demands a ransom for you to regain control of your computer or access to your data. If you pay a ransom to regain access to your files, your cyber insurer could approve you for reimbursement.
- Data breaches: Fraud specialists will help you recover from data loss after a cyber incident like a data breach.
- Online fraud: You will be reimbursed for any direct financial losses due to phishing, unauthorized bank or credit card transfers, identity theft, etc.
Business cyber insurance covers these areas:
- Legal fees related to a data breach
- Lost revenue due to a cyberattack
- Notification of customers
- Recovery of customers’ identities and compromised data
- Repair of damaged computer systems
What Cyber Insurance Does Not Cover
No insurance policy covers absolutely everything. Here’s what cyber insurance won’t cover:
- General liability: Cyber insurance doesn’t cover property damage or bodily injury.
- Commercial property: It won’t reimburse you for damages to any owned or rented equipment or physical location.
- Employment practices liability: Cyber insurance doesn’t cover wrongful termination, harassment, or discrimination claims.
- Professional liability: Claims of omissions or mistakes in your business services aren’t covered.
- Lawsuits for system vulnerabilities before breaches: If you had a system vulnerability before a breach, cyber insurance won’t cover any related lawsuits.
- Future profit reimbursements: If you lost future profits because of a data breach or cyberattack, you won’t be reimbursed.
- Intellectual property theft: Even if you lose intellectual property in a data breach, your cyber insurer won’t reimburse you for its value.
- Acts of war: On the off chance that an agent of a foreign power like Russia caused your data breach, cyber insurance won’t apply.
- Technology improvements: Want to improve your security or technology systems after a data breach? Unfortunately, your cyber insurance won’t add anything to your budget.
- Social engineering attacks: Business cyber insurance doesn’t cover phishing attacks, otherwise known as social engineering. However, personal cyber insurance may offer phishing reimbursements.
Why Doesn’t General Liability Coverage Include Cyber Liability?
Most businesses have general liability insurance, but it’s rare for it to include cyber insurance. Rather, the general liability policy acts as property insurance for damages or bodily injuries due to a business’s products, operations, and services, excluding cyber incidents. For the best risk management, general liability insurance is not enough.
Does Cyber Insurance Have a Deductible?
Cyber insurance policies have deductibles that the insurer selects. For those unfamiliar with the term, deductibles are fixed amounts of money that the insured has to pay before the insurance kicks in. Every time a policy covers a loss, the deductible applies.
NOTE: Higher deductibles translate to lower premiums, while lower deductibles mean higher premiums.
Attacks That Result in Cyber Insurance Claims
While data breaches are the most commonly reported cyber insurance claim, you can claim other cyber events as well.
- Data breaches: Not only are data breaches the most common cyber insurance claim, but they also have the largest total losses. On average, the direct cost per breached record is $7.95, and the average claim has over 693,000 breached records (although the median is 135 records).[3]
- Cloud hacks: Sometimes, cloud storage isn’t so secure, especially if you lack strong passwords or advanced authentication.
- E-commerce account takeovers: Account takeover means that someone has taken over your customers’ or employees’ online accounts without their consent. In our account takeover report, we found that e-commerce accounts made up 8 percent of all accounts taken over.
- Phishing: Although business cyber insurance doesn’t usually cover phishing, personal cyber insurance may or may not.
- Website vulnerabilities: Every website has its vulnerabilities, and while antivirus can stop hackers in some cases, there’s no guarantee.[4]
- Malware: Again, even the best antivirus for business can’t completely guard against every type of ransomware, spyware, Trojan virus, computer worm, or adware that’s thrown at it.
In these cases, cyber insurance can help you recover and win back your losses.
We asked adults in the U.S. about the types of cybercrimes they’ve experienced based on their familiarity with cyber insurance.
| Type of cybercrime experienced | I’ve never heard of cyber insurance before this survey | I’m slightly or somewhat familiar with cyber insurance | I’m very familiar with cyber insurance |
| --- | --- | --- | --- |
| Digital identity theft | 8% | 69% | 24% |
Shockingly, 70 percent of those slightly or somewhat familiar with cyber insurance have experienced cyber attacks. For digital identity theft, the number reached 69 percent.
How Much Does Cyber Insurance Cost?
That all sounds well and good, but what is the cost of cyber insurance? Let’s break it down for personal and business policies.
Average Cost for Individuals
Cyber insurance for individuals can be a stand-alone policy, included in a homeowners insurance policy, or an add-on to homeowners insurance. For stand-alone coverage, the company BlackFire charges $19.99 to $79.99 a month for the whole family. Another company, Agency Height, has plans that cost up to $1,000 a year. However, if it’s part of your homeowners insurance policy, you won’t have to pay anything extra for cyber insurance.
When we asked adults in the U.S. how much they thought annual premiums for personal cyber insurance policies of up to $25,000 cost, they vastly underestimated. 93 percent believed it cost under $200, while annual premiums can really cost up to $1,000 a year.
| How much do you think the yearly premium would be to purchase a personal cyber insurance policy with $25,000 coverage? | Overall |
| --- | --- |
| Less than $50 | 19% |
| $50 – $99 | 25% |
| $100 – $149 | 40% |
| $150 – $199 | 10% |
| More than $200 | 7% |
Average Costs for Businesses
According to the insurance company Progressive, annual costs for business cyber insurance range from $500 to $5,000. Another study of 43 U.S. insurance companies found that the average annual cost is $1,438, which breaks down to $124 a month. However, some states have more expensive policies than others, as you can see in the chart below.[5]
| State | Average cost of cyber insurance (2020) | Average cost of cyber insurance (2019) | Percent change |
| --- | --- | --- | --- |
| District of Columbia (Washington, D.C.) | $1,539.25 | $1,536 | 0% |
FYI: From 2019 to 2020, the average cost of cyber insurance increased by 5 percent in the U.S.
What Affects the Cost of Cyber Insurance?
So, why are some policies so much more expensive than others? Many factors affect cyber insurance premiums, especially for businesses:
- Coverage needs and limits
- Who has access to systems and data
- Network security (i.e., whether the business has antivirus software, firewalls, and strong passwords)
- The type of business (for example, businesses that store a lot of data, like accounting firms and medical offices, usually pay more for cyber insurance)
- Whether or not the business has made cyber claims recently[6]
- The business’s revenue
- How many employees the business has
How To Apply For Cyber Insurance
Applying for cyber insurance requires filling out an online form, requesting a quote, or contacting an agent directly. See the chart below for all of the major cyber insurance companies’ processes, for both personal and business usage.
| Insurer | Link to application, contact, or quote request form | Name of agent | Agent’s title | Agent’s email | Phone number |
| --- | --- | --- | --- | --- | --- |
| Allianz | https://www.agcs.allianz.com/solutions/financial-lines-insurance/cyber-insurance.html | Shanil Williams | Global head of financial | firstname.lastname@example.org | 49-89-3800-65779 |
| Argo | https://www.argolimited.com/argo-cyber/product/argo-cyber/?locale=en | Paul Miskovich | Group head of | email@example.com | 212-607-8863 |
| Aspen Insurance | N/A | Josh Ladeau | Global head of tech E&O and | firstname.lastname@example.org | 860-656-2990 |
| AXA XL (XL Catlin / XL Reinsurance America Group) | https://axaxl.com/insurance/products/cyber-insurance | N/A | N/A | N/A | N/A |
| Berkshire (Apogee Insurance Group) | N/A | N/A | N/A | N/A | 888-845-1637 |
| BlackFire Cyber Insurance | https://www.blackfirecyberinsurance.com/personal-cyber-insurance/ | N/A | N/A | N/A | N/A |
| Burns & Wilcox | https://www.cyberman365.com/plans_pricing | N/A | N/A | email@example.com | N/A |
| Fairfax (Allied World) | N/A | Jason Glasgow | Vice president, cyber | firstname.lastname@example.org | 860-284-1654 |
| Hackinsure (Front Row Insurance) | https://workplaceinsure.frontrowinsurance.com/quote/step-1 | Stacie O’Beirne | Senior vice president, | email@example.com | 646-849-4114 |
| The Hanover Insurance Group | https://www.hanover.com/contact-agent | N/A | N/A | N/A | N/A |
| Hiscox | N/A | Meghan Hannes | Product head, cyber and data risks | Meghan.firstname.lastname@example.org | 312-380-5553 |
| Liberty Mutual | N/A | Daniel Frusciano | Senior vice president, cyber/tech product | email@example.com | 646-826-6771 |
| Sompo International | N/A | Richard DePiero | Senior vice president, cyber product leader, U.S. | firstname.lastname@example.org | 212-471-1761 |
| The Cincinnati Insurance Companies | https://www.cinfin.com/business-insurance/products/cyber-risk | N/A | N/A | N/A | N/A |
| The Doctors Company | https://secure.thedoctors.com/TDCIS/get-a-quote.aspx?_ga=2.186311213.522774563.1624390319-1863551313.1624390319 | N/A | N/A | N/A | 800-421-2368 |
| Three by Berkshire Hathaway | https://threeinsurance.com/cyber-coverage/ | N/A | N/A | N/A | 800-507-4495 |
| Tokio Marine | N/A | Xavier Marguinaud | Head of | email@example.com | 34-93-530-7439 |
| W.R. Berkley Insurance Group | https://www.berkleycyberrisk.com/contact | N/A | N/A | firstname.lastname@example.org | 973-775-7494 |
Not sure which one to choose? Read our list of the best cyber insurance.
The Future of Cyber Insurance
Cyber insurance is a relatively new concept, but cyber insurance statistics say that it’s only going to get more common. Here are the numbers as of late:
- Currently, the cyber insurance industry is worth $9.5 billion globally, but it’s expected to rise to $20.4 billion by 2025, an increase of 115 percent.[7]
- A study from S&P Global Ratings found that current commercial and private cyber insurance premiums total $5 billion, expected to increase by 20 to 30 percent each year, on average.[8]
- As of 2020, 35 percent of C-level respondents were considering taking out cyber insurance policies.[9]
- In a survey of executives responsible for purchasing insurance at over 500 companies, 56 percent of those without cyber coverage said they would likely buy stand-alone policies within the next two years.[10]
In a digital world, cyber insurance provides some needed protection in the case of malware, data breaches, or other cyberattacks. Whether you’re an individual or a business, cyber insurance is a necessity for protecting your online data, and the online data of your business and customers.
Frequently Asked Questions
To learn more about cyber insurance, keep reading below.
What does a cyber insurance policy cover?
Business and personal cyber insurance policies cover these areas:
- Cyber extortion
- Data breaches and notification of affected customers
- Legal fees
- Online fraud
- Recovery of customers’ identities and compromised data
- Repair of damaged computer systems
- Other related expenses
Who needs cyber insurance?
Any person who uses the internet and any business that holds, stores, or receives personal information needs cyber insurance.
What is the purpose of cybersecurity insurance?
The purpose of cybersecurity insurance is to help people and businesses recover from cyberattacks, data breaches, and online fraud through reimbursements, fraud specialists, cyber monitoring, lawsuit protection, and the replacement and repair of electronic data, financial documents, and more.
What does cyber insurance not cover?
Cyber insurance does not cover these areas:
- Breaches caused by foreign agents (acts of war)
- Commercial property
- Employment practices liability
- Future profit reimbursements after data breaches or cyberattacks
- General liability, such as property damage or bodily injury
- Intellectual property theft
- Lawsuits for pre-breach system vulnerabilities
- Phishing attacks (for business cyber insurance policies)
- Professional liability
- Reimbursements for security or technology improvements after cyberattacks
[1] IBM. How much would a data breach cost your business?
[2] The Ame Group. Data Security Breach: 5 Consequences for Your Business.
[3] Willis Towers Watson. (2020). Cyber claims analysis report.
[4] Travelers. The hard realities of a cyber event.
[5] AdvisorSmith. (2021). Cyber Insurance Cost.
[6] Progressive Commercial. Cyber Insurance Cost. progressivecommercial.com/business-insurance/cyber-insurance/cyber-insurance-cost/
[7] Statista. (2020). Estimated cyber insurance market size worldwide in 2020, with forecasts up until 2025.
[8] S&P Global Ratings. (2020). Cyber Risk in a New Era: Insurers Can Be Part of the Solution.
[9] Munich RE. (2021). Cyber insurance: Risks and trends 2021.
[10] Deloitte. (2020). Overcoming challenges to cyber insurance growth.