The Best Cyber Insurance of 2021
So, you’re looking for cyber insurance. Where do you start?
These days, it’s not enough to insure your house, your car, and your identity. Many people and businesses are turning to cyber insurance, which covers losses following data breaches and other cyberattacks. But with any insurance policy, you want to make sure you’re choosing the right policy for you, your family, or your business. After testing out over 50 policies, we’ve found the 10 that provide the most coverage for the lowest premiums. You’re sure to find your insurance solution here from these tried-and-tested insurance carriers.
How We Picked the Best Cyber Insurance
|Number of policies tested||53|
|Ways to buy||Email, phone, online|
|Maximum range||$250,000 to $100,000,000|
|Third-party ratings||AM Best, S&P Global Ratings|
Best Cyber Insurance Overall
Best Cyber Insurance for Small Businesses
Comparison of the Best Cyber Insurance
|Best for||Overall||Small businesses||Cyber liability insurance||Data breach insurance||Large businesses|
|Personal cyber insurance||Yes||No||No||No||No|
|Business cyber insurance||Yes||Yes||Yes||Yes||Yes|
|AM Best rating||A++||A++||A+||A||A++|
|How to buy||Chubb Cyber Insurance Application||Travelers Cyber Insurance Application||Email info.source @zurichna.com or call 800-382-2150||AIG Cyber Insurance Application||Email xmarguinaud @tmhcc.com or call 34-93-530-7439|
|Read Review||Chubb Review||Travelers Review||Zurich Review||AIG Review||Tokio Marine Review|
Detailed List of the Best Cyber Insurance
1. Chubb - Best Cyber Insurance Overall
Most cyber insurance policies are aimed at businesses only, but Chubb has plans for individuals as well as families. That’s a blessing, as data breaches don’t just happen to businesses. If we had gone through one and been the victim of, say, a ransomware attack, Chubb would’ve reimbursed us for up to $25,000 if we paid the ransom.
We also got protection against stolen money from online accounts of up to $250,000, which certainly made us feel more secure about our small but growing savings accounts. And for businesses, Chubb will work well whether you’re a tiny startup or a large corporation.
What We Like
- Family, individual, and business plans
- Reimbursements up to $250,000 for financial losses
- Can be a stand-alone policy or part of Family Protection Coverage
What We Don’t Like
- Only $10,000 maximum for replacing personal data
- Only $25,000 maximum for cyber extortion
- No phone or email signup
As we said, Chubb is one of the only insurance companies to offer cyber insurance for individuals and families. We recommend signing up for Masterpiece, otherwise known as Family Protection Coverage, which includes not only cyber insurance but also insurance for your home, your valuables, and other stuff you care about. After all, home insurance isn’t enough to protect your family.
Chubb’s cyber insurance also includes identity theft restoration and public-recordings monitoring, damaged electronic data replacement or repair, and even coverage for cyber extortion, cyberbullying, financial losses, and more. Especially if you have children in your home, this coverage could be the difference between financial ruin and stability (at the risk of sounding melodramatic).
Business Protection for Any Industry
Personal cyber insurance aside, Chubb also has business cyber insurance for companies of all sizes and all industries, including these:
- Cultural institutions
- Educational institutions
- Real estate
And that’s not even a complete list. With 24/7 breach response, credit and web monitoring, data restoration, legal and PR coverage, and notification expenses, Chubb has some of the most comprehensive coverage we’ve ever seen. Combine cyber liability insurance and data breach insurance into one policy with Chubb by going onto its website. With 229 years in business (yes, you read that right), Chubb is a company we can trust.
2. Travelers - Best Cyber Insurance for Small Businesses
Small businesses need data breach insurance more than they need cyber liability insurance, but Travelers offers both in the form of CyberFirst Essentials, a policy designed specifically for small businesses. You can buy it as part of your business owners policy. In the event of a data breach, Travelers would help small businesses notify their customers and hook them up with credit monitoring, retain a PR consultant to help restore the business’s reputation, and cover any forensic fees, defense, or settlement costs.
What We Like
- Policies designed for small businesses specifically
- Covered under business owners policy
- A++ rating from AM Best and AA rating from S&P
What We Don’t Like
- No personal cyber insurance
- No stand-alone coverage
- Must go through an agent to purchase policies
Data Breach Prevention
If you don’t want CyberFirst Essentials, you can also get cyber insurance for your small business under CyberRisk, which works with companies of all sizes across various industries. This plan is preventative, giving policyholders a Symantec Cyber Security Coach to let your employees know what they can do to prevent data breaches.
Symantec, in case you didn’t know, is the force behind Norton LifeLock identity theft protection, Norton Antivirus, and Norton Secure VPN, all of which we’ve tested in our LifeLock review, Norton Antivirus review, and Norton Secure VPN review. Norton is a top digital security company, so we like that Travelers has teamed up with it to take a preventative approach rather than a reactive one.
Programs for Tech and Public Organizations
Most cyber insurance policies are one size fits all when it comes to different industries, but Travelers has CyberRisk plans developed specifically for tech companies and public entities.
Insuring agreements Type of coverage Tech Public Designed to protect N/A Information technology, medical technology, electronics manufacturing, or telecommunications service providers American Indian nations, public schools K-12, counties, municipalities, utilities, transit authorities Total number of insuring agreements N/A 18 17 Technology errors and omissions Liability Yes No Media Liability No Yes Privacy/security Liability Yes Yes Privacy breach notification Breach response Yes Yes Cyber extortion Breach response Yes Yes Data restoration Breach response Yes Yes Computer fraud Cybercrime Yes Yes Funds transfer fraud Cybercrime Yes Yes Social engineering fraud Cybercrime Yes Yes Business interruption Business loss coverage Yes Yes System failure Business loss coverage Yes Yes
Phishing isn’t usually a part of cyber insurance coverage, so we especially like that Travelers covers social engineering fraud for tech companies and public organizations. That’s important, as anyone can fall victim to social engineering attacks.
3. Zurich - Best Cyber Liability Insurance
Cyber liability insurance, as opposed to data breach insurance, covers financial losses from cyberattacks, including lawsuits (and we all know how expensive lawyers can be). It also covers notification expenses, extortion payments, state and federal fines, and more. Zurich, an insurance company founded in 1872, has both cyber liability and data breach insurance, although cyber liability is where it really shines.
What We Like
- Data restoration coverage
- $25 million maximum
- A+ rating from AM Best
What We Don’t Like
- No personal cyber insurance available
- No application on the website
- Stand-alone policy only
Liability: What’s Covered
If a data breach happens, you may be liable for the release of your customers’ PII or PHI. You could also be liable to third parties for transferring a virus, which could lead to defense costs, data restoration, forensic expenses, and regulatory fines or penalties.
Fortunately, Zurich covers all that and more. It will reimburse you for lost income, PR expenses, PCI fines, defense or liability costs, cyber extortion threats, system failures, and even social engineering fund transfers, a rarity in the cyber insurance industry.
Strong Third-Party Ratings
Zurich Insurance Group has an A+ from AM Best and an AA from S&P Global Ratings (formerly known as Standard & Poor’s), but what do these ratings really mean? Well, AM Best is a credit rating agency founded in 1899, making it the first credit rating agency ever. The organization judges insurance companies for their worthiness of credit; how they pay claims and how quickly they pay them are among its foremost concerns.1 S&P Global is a similar company that uses 135 billion data points and over 1 million outstanding credit ratings to show creditworthiness.2
While we don’t depend entirely on third-party ratings, Zurich has some of the best scores of any cyber insurer, meaning that it pays claims often and on time — just what you’d want from your insurance company!
4. AIG - Best Data Breach Insurance
With cyber insurance policies, we usually see maximums of $250,000 to $25 million, but AIG knocks that out of the park. The company has a $100 million limit, four times that of its competitors.
What We Like
- Stand-alone or blended coverage
- $100 million maximum
- Cyber liability and data breach insurance
What We Don’t Like
- Relatively low S&P Global rating (BBB+)
- No personal cyber insurance
Choice of 6 Plans
While most cyber insurers are secretive about their policies, merely suggesting that you request a quote from an agent, AIG laid it all out for us. If you want comprehensive data breach insurance from AIG, go with CyberEdge, WorldRisk, or EAGLE.
Coverage CyberEdge CyberEdge Plus Property Performance WorldRisk EAGLE CyberEdge PC Type of coverage Specialty risk protector Specialty risk protector Stand-alone Endorsement to WorldRisk CGL policies Endorsement to EAGLE Stand-alone; excess-difference to fill gaps in cybersecurity coverage Third-party claims from alleged financial losses as a result of failure to protect information Yes No No Yes Yes N/A Investigation/defense of regulatory actions from failed network security; protection of confidential information, including coverage for fines/penalties Yes No No Yes Yes N/A Payment Card Industry Data Security Standard (PCI DSS) assessments for failure to protect payment card data Yes No No Yes Yes N/A Cost of notifications, PR, legal consultation, and identity monitoring for victims of a breach Yes No No Yes Yes N/A Forensic investigation costs after a cyber incident Yes No Yes Yes Yes N/A Restoration or re-creation of data lost in a cyber incident Yes No Yes No Yes N/A Expenses for business interruption Yes No Yes No Yes N/A Reimbursement for ransom payments Yes No No No No N/A Business income loss from physical damage to properties due to a cyber incident No Yes Yes No No N/A First-party property damage losses No Yes Yes No No N/A Bodily injury or third-party property damage due to security failure, privacy breach, etc. No Yes No No No N/A
Cyber Risk Summaries
AIG takes a preventative approach to data breaches. It sends each and every one of its clients an Executive Summary Report, essentially a report card for its cybersecurity. This report outlines the business’s:
- Cyber maturity
- Residual risk
- Threat likelihood
- Control effectiveness
- Cyber incident probability and impact
Basically, the business can learn how likely breaches are, and how much it would lose in everything from low-impact breaches to worst-case scenarios. This is useful information, as it stresses the importance of preventing rather than just responding to data breaches. To see a sample report, click the link below.3
5. Tokio Marine - Best Cyber Insurance for Large Businesses
Last but not least is Tokio Marine, an ideal cyber insurance provider for larger businesses like Fortune 500 companies. In business since 1974, Tokio Marine offers policies worth up to $25 million that cover both cyber liability and data breach insurance.
What We Like
- An A++ rating from AM Best
- An A rating from S&P
- Comprehensive coverage
What We Don’t Like
- Can’t sign up online
- Must pay more for preventive consulting services
From data breaches to employees leaving their computers without logging out, there’s a lot of ways for cybersecurity issues to occur. Tokio Marine knows this, so it covers first-party losses along with liability.
Cyber incident Insured first-party losses Insured liability losses Data breach Emergency response costs Damages Data breach Event management costs Regulatory fines and penalties Data breach Notification costs Defense costs Data breach Monitoring costs Investigation costs Data breach Recovery costs Damages Cyberattack Emergency response costs Defense costs Cyberattack Event management costs Investigation costs Cyberattack Diverted funds Damages Cyberattack Recovery costs Defense costs Human error Business interruption loss Investigation costs Human error Emergency response costs Defense costs Human error Event management costs Damages Insured systems disruption Business interruption loss N/A PCI noncompliance Emergency response costs PCI penalties PCI noncompliance Event management costs Damages PCI noncompliance N/A Investigation costs PCI noncompliance N/A Defense costs Electronic media claim Emergency response costs Damages Electronic media claim Event management costs Defense costs E-threat Response costs Damages E-threat N/A Defense costs
Support for Many Industries
Tokio Marine doesn’t limit its cyber insurance to a specific industry. It’s suited for large businesses across the following industries:
- Private equity
- Real estate
Aside from cyber insurance, Tokio Marine offers property, accident, health, marine, travel, and financial insurance, among other policies. Big businesses can get cyber insurance on its own or as part of a blended policy.
To select the best cyber insurance policies, we researched policies thoroughly, taking these factors into account:
- What the policies cover: Ideally, policies cover both cyber liability and data breach insurance, not one or the other.
- Limit maximums: Maximums tend to range from $250,000 to $100 million.
- Policy type: Some policies are stand-alone, while others are blended with homeowners insurance or general business policies.
- Business vs. personal plans: Most cyber insurers only cover businesses, but some also cover individuals and families.
- Covered industries: Most cyber insurers cover a wide range of industries, though industry-specific policies are available.
- Buying process: While some companies have customers contact agents directly, with others, you can apply for a policy or request a quote online.
- Third-party ratings: We take into account ratings from AM Best and S&P Global, two of the top credit rating agencies.
- Company background: Finally, we look into how long the company has been around, its reputation, and what other services and insurance policies it offers.
What Is Cyber Insurance?
Cyber insurance is a type of insurance that’s available to both individuals and businesses, so we defined it for each category.
Personal vs. Business
- Personal cyber insurance: This type of insurance covers data breaches, cyberbullying, cyberattacks, cyber extortion, and other cybercrimes. Personal cyber insurance is often an add-on to or included in homeowners insurance policies, but stand-alone policies are also available.
- Business cyber insurance: Business cyber insurance covers businesses’ liability for data breaches of customer information, including Social Security numbers, health records, and any other documents containing PII, or personally identifiable information.
NOTE: While data breach insurance is better for small businesses, cyber liability insurance is better for large businesses.
Cyber Insurance Pricing
How much cyber insurance costs depends on a number of factors, and it’s different for people and businesses.
- Personal cyber insurance cost: If it’s not part of an existing policy, personal cyber insurance can be up to $1,000 a year, starting at around $200 from companies like BlackFire4 and Agency Height.5However, 93 percent of U.S. adults believe that annual premiums of cyber insurance policies covering up to $25,000 cost under $200.
- Business cyber insurance cost: The average yearly cost of cyber insurance for businesses is $1,438, according to a study from AdvisorSmith.6 However, depending on the size of your business, you could spend anywhere from $500 to $5,000 (or even more for large enterprises).
Many factors influence the cost of cyber insurance, like a business’s industry, number of employees, current network security, data access, and revenue. If you already have strong digital security measures in place like firewalls, antivirus software, and secure passwords, that could lower your premiums. On the other hand, working in industries like healthcare or finance could raise your premiums, as you most likely store large amounts of sensitive data.7
TIP: To minimize the cost of your cyber insurance, limit who has access to data that contains PII or PHI (protected health information).
Cyber Insurance Pros and Cons
We think that any business or person that uses the internet could benefit from cyber insurance, even after weighing its negatives. However, you can decide for yourself whether you deem it necessary.
What We Like
- It reimburses financial losses. In the event of a cyberattack, your cyber insurer will help you reprogram your devices and cover any direct financial losses.
- It helps with PR. For businesses, cyber insurance helps you improve your reputation after a data breach.
- It helps with restoration after identity theft. For any customers affected by the data breach, cyber insurance will help them after their identities have been stolen with services like identity monitoring, web monitoring, credit monitoring, and identity restoration.
What We Don’t Like
- It can be expensive. Depending on the size of your business, cyber insurance could cost thousands. For individuals, the cost could be up to $1,000 a year, which isn’t negligible. For 34 percent of U.S. adults that don’t have personal cyber insurance policies currently, the main reason is the high costs.
- It doesn’t cover everything. Cyber insurance doesn’t cover general liability, damages to commercial property, property and casualty insurance, professional liability, reimbursement for future profits due to data breaches, etc.
How Common Is Cyber Insurance?
While there’s no good data on how common personal cyber insurance is in the United States (yet), there are some cyber insurance statistics for businesses. However, some of the currently available data conflicts with each other. For example, cyber insurer Hiscox reported that a total 55 percent of businesses had cyber insurance in 2020, which is expected to grow by 15 percent in 2021.8 Research from Statista, on the other hand, found that 75 percent of organizations had purchased cyber liability insurance as of 2018.9
Whatever the current numbers are, it’s clear that the cyber insurance market is growing, expected to increase in yearly revenue from $9.5 billion to $20.4 billion by 2025. As data breaches become common, more people and businesses will take the plunge to protect their digital and physical lives.
Who has the best cyber insurance policy?
The company that provides the best cyber insurance policy is Chubb. Chubb has policies for businesses, individuals, and families.
Is cyber insurance worth the cost?
We think that cyber insurance is worth the cost, as it can reimburse people and businesses after data breaches and other cyberattacks.
According to IBM, the average cost of a data breach for businesses was $3.86 million in 2020. For individuals with accounts taken over, the average loss was nearly $12,000, according to our research. Given that businesses spend an average of $1,438 on cyber insurance, according to AdvisorSmith, and that individuals can pay as little as $199 a year, we think cyber insurance is worth its cost for both groups.
Who offers cybersecurity insurance?
These are some companies that offer cybersecurity insurance:
- Agency Height
- Alleghany Corporation
- American International Group (AIG)
- AmTrust Financial
- Aspen Insurance Group
- AXIS Capital
- BCS Insurance Company
- Berkshire Insurance Group
- BlackFire Cyber Insurance
- Burns & Wilcox
- Central Insurance
- CNA Financial
- Cowbell Cyber
- Gannon Associates
- Hanover Insurance
- Hathaway Agency
- Liberty Mutual
- Markel Corporation
- Plymouth Rock
- Sompo International
- State Farm
- The Cincinnati Insurance Companies
- The Doctors Company
- The Hartford
- Tokio Marine
- W.R. Berkley Corporation
- XL Catlin
- XL Reinsurance America Inc.
What should I look for in cyber insurance?
When it comes to cyber insurance, you should look for:
- 24/7 breach response service
- Credit and web monitoring
- Crisis management
- Reimbursements for customer or employee losses
- Coverage for cyberattacks, extortions, cyberbullying, etc.
- Liability coverage for data breaches
- Identity and data recovery services
- Legal expense reimbursements
- Reimbursements for regulatory fines and penalties
- PR expenses
- Maximums of at least $250,000 for business insurance policies or $25,000 for personal policies
- High ratings from AM Best and S&P
- Reimbursements for loss of business, net profits, income, etc.
AM Best. (2021). About Us.
S&P Global. (2021). About S&P Global Ratings.
AIG. (2020). Cyber Insurance Executive Summary Report.
BlackFire Cyber Insurance. (2021). Personal Cyber Insurance.
Agency Height. (2021). Can You Earn More With Cyber Liability Insurance?
AdvisorSmith. (2021). Cyber Insurance Cost.
Progressive Commercial. (2021). Cyber Insurance Cost.
Hiscox. (2021). Hiscox Cyber Readiness Report 2021.
Statista. (2018). Does your organization purchase cyber liability insurance?