How Much Does Cyber Insurance Cost?

Insurance is a cornerstone of risk management strategies, which is why we have insurance for our homes, cars, and costly incidents like fires and floods. But in this digital age where our lives and businesses are intricately intertwined with technology, we also need cyber insurance.

Cyber insurance provides a safety net for when we or our business becomes a victim of a cyberattack such as hacking or a data breach. Like other types of insurance, cyber insurance protects us from potentially huge financial dents. But how much does cyber insurance itself cost, and is it worth it?

In this guide, we’ll get into what you can expect to pay for cyber insurance, what it covers, and how you can keep your costs down based on our experience buying and using cyber insurance ourselves.

How Much Does Cyber Insurance Cost?

You know how insurance companies work. When it comes to cost, there’s never really a straightforward answer. It always depends on a huge number of factors. In the case of cyber insurance, the main determining factor is whether you’re getting insurance for yourself or your business.

Personal Insurance Policies

Personal cyber insurance typically comes as an add-on to homeowners or renters insurance, though stand-alone policies are becoming more common. Coverage levels and pricing vary based on your location, claims history, and the insurer you choose. Basic policies start at around $12 per month for $25,000 in coverage. However, most pay between $30 to $125 monthly for cyber insurance, with the price reflecting coverage limits and deductible choices.

According to recent market data, the perception of cyber insurance costs often exceeds reality. Many consumers assume cyber insurance will cost them hundreds per year, when in fact, basic coverage can be quite affordable. However, the premiums are expected to increase in coming years which is why we recommend getting coverage now.1

Business Insurance Policies

Let’s move on to business cyber insurance, which is even more complex than personal cyber insurance. Many factors can influence the price, including: 

• Type of industry
• Type of business
• Size of the company
• Amount of sensitive information the company maintains
• Annual revenue
• Strength of security measures
• Coverage level
• Deductible
• Claims history

Business cyber insurance premiums vary largely based on the industry and size of the business. However, our research consistently shows policies ranging in price from $1,200 to $7,000 per year with small businesses typically on the lower end. That said, larger enterprises can see premiums ranging from $10,000 to well over $100,000 per year.

How to Keep Cyber Insurance Costs Down

Whether you’re applying for personal or business cyber insurance, the reality is that it’s going to cost you. Of course, there are ways you can keep the annual premiums down. Here are a few examples.

Personal Policies

While options for reducing personal cyber insurance premiums are somewhat limited, insurers increasingly reward proactive security measures. Here’s what can help lower your costs:

• Pay your premiums upfront
• Limit your cyber risks by using antivirus software, VPNs, and strong, secure passwords
• Enable multi-factor authentication on all financial and email accounts
• Complete cyber awareness training offered by some insurers for premium discounts
• Choose higher deductibles if you can afford the out-of-pocket expense

Business Policies

Normally, insurers don’t advertise business discounts, but most companies will tailor a policy to your particular needs. If that’s the case, you might cut costs by using some best practices to limit your risk.

• Employee training: Implement regular security awareness training for all staff. Companies with documented training programs often see five to 15 percent premium reductions.
• Penetration testing: Conduct annual third-party security assessments and vulnerability scans to identify weaknesses before attackers do.
• Strict password policies: Follow best practices for passwords, using 12 or more characters and a combination of numbers, letters, and special characters. Consider implementing two- or multi-factor authentication to your online accounts as well.
• Personal data encryption: Encrypt all sensitive data. Make sure the encryption key is safe, and limit who has access to it.
• Limited records: Limit the number of records you deal with. If you don’t need access to some records, store them securely so they can’t be compromised.2
• Incident response plan: Having a documented and tested incident response plan can reduce premiums by demonstrating preparedness.
• Regular backups: Maintain encrypted, offline backups that are tested regularly. This shows insurers you can recover from ransomware without paying ransoms.

What Is Cyber Insurance?

Cyber insurance is a contract between you and an insurer that says the insurer will pay you for any losses you incur related to your computers or network. Cyber insurance covers many types of cyber incidents, from computer damages to data breaches. In fact, the easiest way to explain cyber insurance is to talk about just what kinds of events it covers.

Personal Policies

Different personal and family policies cover different kinds of cyber dangers, but most offer protection from these incidents:

• Attacks on equipment: Even if you’ve installed the best antivirus software on your devices, malware can still find ways to infect them. Cyber insurance helps you pay for equipment repairs or replacements.
• Cyberbullying losses: Cyberbullying statistics are troubling these days. In fact, 44 percent of U.S. parents report that their children have been harassed online at some point. Cyber insurance can cover counseling costs, legal fees, and even relocation expenses resulting from severe cyberbullying incidents.
• Extortion: Ransomware attacks continue rising in frequency, with average ransom demands reaching $2,000 for personal attacks. Most cyber insurance covers both ransomware payments and professional negotiation services.
• Identity theft: Thieves want your personally identifiable information, or PII. Once they’ve committed identity theft, they’ll try to make money from it, either by using the information themselves or by selling it on the dark web. A good identity theft protection service can prevent this problem. Additionally, many identity theft protection services now offer some form of insurance to pay for losses or expenses you accrue because of identity theft. It can pay for fraud specialists, identity monitoring, and legal fees.3 However, identity theft protection services don’t cover things like cyberbullying or ransomware reimbursement. To be completely covered, you need both services — identity theft protection and cyber insurance.

Business Policies

Cyber insurance is more complicated for businesses. In the simplest terms, business cyber insurance covers a company’s liability in cases of data breaches of sensitive customer information such as:

• Social Security numbers
• Credit card numbers
• Account numbers
• Driver’s license numbers
• Health records

However, there are two distinct types of cyber insurance for businesses: cyber liability insurance and data breach insurance. Some insurers offer these two types of insurance in combination. Others, such as The Hartford, offer them as separate policies. But what’s the difference between the two?

• Cyber liability insurance: Typically, cyber liability insurance works well for small businesses that store minimal customer data. If the company should lose any customer PII, this policy will pay for expenses like:
  • Hiring a PR firm
  • Notifying customers, patients, and/or employees of the breach
  • Providing credit monitoring and identity restoration to breach victims

  Businesses can also customize the policies to add services such as:

  • Income replacement
  • Prior act coverage, which protects a company from breaches that may have occurred before the policy started but haven’t yet been detected
  • Extortion payments
• Cyber breach insurance: Larger companies may need cyber breach insurance, which provides a broader range of coverage in the case of data breaches. For instance, in addition to the costs liability insurance covers, cyber breach insurance pays for:
  • Customer lawsuits relating to breaches
  • State and federal fines
  • Legal insurance to meet state and federal regulations

Why Buy Cyber Insurance?

There are two basic reasons why you need to get a cyber insurance policy. First, cybercrime has become a common problem, and it’s becoming worse every year. Second, cybercrime is expensive, and a policy costs less than what you’re likely to pay if you become a victim.

Personal Policies

The scale of cybercrime continues to expand dramatically. In 2024, the FBI’s Internet Crime Complaint Center received over 850,000 complaints – nearly the highest number ever recorded.4 This represents a continuous upward trend that shows no signs of slowing. The harsh reality remains: if you’re online, you’re a potential target.

The financial impact is staggering. Those complaints in 2024 resulted in reported losses exceeding $16 billion – nearly triple the amount from just a few years prior. The average loss per complaint now exceeds $14,000 When you consider that comprehensive cyber insurance coverage costs a fraction of potential losses, the value proposition becomes clear.

Business Policies

The business case for cyber insurance has never been stronger. 60 percent of small businesses close within six months of a cyberattack.5 With cybercriminals regularly targeting small businesses, that’s not a risk you want to overlook. Large businesses are also at risk with 52 percent of all cyberattacks targeting large enterprises.

How are the stakes so high? It all comes down to the cost of a cyberattack. Data breach costs for U.S. companies reached $4.4 million in 2024.6 For small businesses, even a minor incident averaging $200,000 in recovery costs can mean bankruptcy. With annual cyber insurance premiums for a $1 million policy typically costing less than two percent of the potential breach costs, it’s one of the most cost-effective risk management investments a business can make.

Purchasing Cyber Insurance

Not all cyber insurance is created equal. When it comes time to buy a policy, you need to ask the right questions of your agency, such as what kinds of events its policies cover.

Personal Policies

Before you invest in insurance, you should consider these questions carefully:

• How much coverage do you need? Start by assessing your digital footprint and financial exposure. Consider your online banking, investment accounts, cryptocurrency holdings, and smart home devices. Since the average cybercrime loss for individuals has risen significantly, $25,000 to $50,000 in coverage provides adequate protection for most households. Individuals with substantial digital assets should consider a policy from insurers like Chubb, AIG, or PURE that offer coverage limits of $100,000 or more.
• What events does the policy cover? Different companies and policies cover different cyber events. At a minimum, your policy should cover:
  • Ransomware attacks
  • Viruses and malware
  • Identity theft
  • Cyberbullying
  • Online fraud and scams
  • Cryptocurrency theft
  • Smart home device breaches
• What will the policy pay for? Just because a policy covers a specific event, such as identity theft, doesn’t mean it will pay for all the expenses you might incur. Pay close attention to what your policy pays for, and make sure the list includes:
  • Extortion payments
  • Equipment replacement
  • Software replacement
  • Lost wages
  • Identity theft restoration services
  • Legal fees
• How is the company’s customer service? Response time matters when you’re dealing with an active cyber incident. Look for insurers offering 24/7 hotlines and dedicated cyber response teams. The best cyber insurers provide immediate access to forensic experts, legal counsel, and crisis management specialists as part of their service. To confirm the quality of service, check ratings from J.D. Power, AM Best, and the Better Business Bureau.
• What will it cost? Current market rates for personal cyber insurance range from $30 to $75 monthly for $25,000 to $50,000 in coverage with a $500 to $1,000 deductible. Compare at least three quotes, but remember that the cheapest option isn’t always the best value if it lacks comprehensive coverage or responsive support.

Business Policies

With business cyber insurance, you’ll need to zoom in on the specific types of coverage the policy offers.

• What are your specific risks? Consider your supply chain vulnerabilities, remote work policies, cloud dependencies, and third-party vendor risks. Many insurers now require or offer complimentary risk assessments that use automated scanning tools to evaluate your security posture. These assessments can identify gaps and help right-size your coverage while potentially qualifying you for better rates.
• Can you get retroactive coverage? Data breaches often go undetected for some time. That means a data breach may happen before your policy starts, but that breach might not cause damage until after the coverage goes into effect. Will your insurance pay for that breach, or not? Look for companies that will pay for it or at least allow you to purchase add-on coverage that will pay for it.
• Do you need regulatory coverage? With privacy regulations like CCPA and state-specific laws expanding rapidly, regulatory fines have become a major exposure. Ensure your policy explicitly covers regulatory defense costs and penalties, as these can easily reach six figures even for small businesses.
• Does your policy cover business interruption? Beyond equipment damage, consider coverage for lost income during system downtime, costs to restore operations, and extra expenses incurred to maintain business continuity. These indirect costs often exceed direct breach expenses.

Trends in Cyber Insurance

The cyber insurance landscape has transformed dramatically in recent years, driven by escalating threats and massive claims. Here are the key trends shaping the industry:

• Stabilizing premiums after years of increases: Following dramatic rate hikes from 2020 to 2023, premiums have begun to stabilize. Average increases are around five to 15 percent compared to 50 to 100 percent jumps in previous years. However, industry experts expect more increases in the coming years.
• Stricter underwriting requirements: Some insurers now mandate specific security controls including multi-factor authentication, endpoint detection and response (EDR), privileged access management, and tested backup procedures. Companies failing to meet these requirements face limited coverage options.
• Rise of co-insurance and sub-limits: To manage exposure, insurers increasingly require policyholders to retain 10 to 20 percent of losses through co-insurance provisions. Sub-limits for ransomware, often capped at 50 percent of the overall policy limit, have become standard.7
• Expansion of personal cyber coverage: With remote work normalized, insurers are developing hybrid policies covering both personal and professional digital risks.
• AI-related cyberincidents: Insurers are starting to offer coverage for AI-related cyberincidents such as deep fakes targeting individuals or businesses.8 They’re also expanding social engineering coverage as generative AI makes these attacks more widespread.

The Most Common Cyber Insurance Claims

Cyber insurance covers various types of claims, but a few show up more often than others.

• Data breaches: A data breach is when a hacker gains access to customers’ PII. Data breaches are the most common business cyber insurance claim, and they have the largest total losses. According to a report by the insurer Willis Towers Watson, for instance, 73 percent of its clients’ claims between 2013 and 2019 involved breach/incident response and crisis management.
• Cloud hacks: Hackers use phishing attacks to gain access to individual cloud accounts. Once they’re in, they use the cloud infrastructure to jump from one customer account to another.
• E-commerce shutdowns: Hackers aren’t just about money. Hacktivists are more interested in shutting down your business. If they can hack into a website, they can shut you down completely.
• Account takeovers: The largest number of personal cyber insurance claims each year involve account takeovers. In these cyberattacks, thieves try to take over your bank accounts or credit card accounts and make fraudulent transactions. Find out more in our guide to protecting yourself from account takeovers.
• Phishing: The number of phishing scams rises each year, and the attacks are becoming more sophisticated. According to FBI statistics, for instance, phishing attacks more than doubled between 2019 and 2020.
• Malware: To prevent malware attacks, buy the best antivirus for your business or the best antivirus software for personal use. Antivirus software should protect you from most of these cyberthreats:
  • Ransomware
  • Spyware
  • Trojan viruses
  • Computer worms
  • Adware

  With over 560,000 new pieces of malware detected daily in 2024, even the best defenses can be breached. When threats penetrate your security, cyber insurance covers equipment repair, software restoration, and often ransom negotiations and payments.

Recap

Cyber insurance has evolved from a nice-to-have to a necessity in our interconnected world. With cyber incidents affecting millions of individuals and thousands of businesses annually, the question isn’t whether you need cyber insurance, but how much coverage is appropriate for your situation.

Personal cyber insurance, typically costing $30-75 monthly, provides essential protection against identity theft, ransomware, and online fraud. For businesses, policies ranging from $1,000 to $7,500 annually for small companies offer critical financial protection against breaches that average nearly $10 million in total costs. As threats continue evolving and regulations tighten, cyber insurance serves as both a financial safety net and a framework for improving your overall security posture.