In 2021, the average total cost of a data breach rose to $4.24 million, up from $3.86 million in 2020. In response to these rising costs, a new industry has emerged: cybersecurity insurance. While there are benefits to purchasing cybersecurity insurance, the product is mostly new and untested, leaving many variables for the buyer. So, is cybersecurity insurance worth it, and is it right for your business?
Cybersecurity insurance overview
- What is cybersecurity insurance?
- Who needs cyber insurance?
- Pros of cyber liability insurance
- Cons of cyber liability insurance
- Best cybersecurity insurance providers
- Does cyber insurance make sense for your business?
What is cybersecurity insurance?
Cybersecurity insurance is a type of liability coverage that can help cover the data recovery costs businesses face when dealing with ransomware or similar attacks. Cyber liability insurance also covers court and attorney fees, settlements, and compliance fines should a data breach happen and affect a third party. For software vendors and managed services providers (MSPs), an errors and omissions (E&O) policy covers bugs in an application you provided or mistakes you make in configuring your client’s network.
Businesses purchase cyber insurance to offset the costs they face in the aftermath of a cyberattack by moving some of the costs to the insurer in exchange for a recurring fee, typically monthly or quarterly. There are usually several different policy options to choose from, along with add-ons for extra coverage.
Who needs cyber insurance?
Businesses need cyber insurance if they handle or store:
- Personally identifiable information (PII) such as social security numbers
- Customer or internal financial/payment data
- Medical information
Additionally, businesses with large customer bases or valuable data assets have a lot to lose from a ransomware attack and should add cyber liability insurance to keep themselves afloat in case of a breach. Cyber insurance can also help out with the loss of revenue from downtime for e-commerce and similar businesses.
Pros of cyber liability insurance
Breaches on their own can be costly, and that doesn’t even include lawsuits that businesses may face as the result of a breach. Cybersecurity insurance protects organizations from a variety of costs that can arise as the result of a cyberattack, including ransoms, legal fees, and hiring cybersecurity experts to recover data. With some cyber insurance, the policy may also cover the cost to provide identity protection to customers affected by a breach, allowing businesses to retain the trust of their customers.
Thanks to cybersecurity insurance, businesses can also afford to hire forensic cyber investigators to determine the cause of the breach, identify any major vulnerabilities, and gather evidence for criminal reports if necessary. Policies may also provide 24/7 access to investigators, allowing businesses to investigate the breach immediately after discovery.
Cons of cyber liability insurance
Despite the benefits of cyber liability insurance, it doesn’t cover everything that a breach may cost businesses. Most cybersecurity insurance won’t provide coverage for:
- Property damage (should be included in commercial property insurance)
- Losses of intellectual property (this is a different type of coverage)
- Costs of preventative measures (like backup and recovery software)
Additionally, most policies won’t cover incidents knowingly caused by a business’s employee. For example, if one of your employees steals credit card information from your database, uses it for purchases, and then the customer sues your company, your cyber insurance policy wouldn’t cover any costs related to that incident. For a full list of everything your policy will and won’t cover, you’ll need to talk to your insurance provider.
Best cybersecurity insurance providers
The following cyber insurance providers offer flexible options for coverage and include add-ons that increase protection.
AIG offers standalone cybersecurity policies as well as the option to add cyber insurance to an existing commercial property insurance policy, which is great for businesses that already use AIG. The claims hotline is available 24/7 and provides access to a variety of relevant vendors including forensic investigators and recovery experts. AIG also provides preventative services, including phishing training and simulation, infrastructure vulnerability scans, and risk consulting options.
Hiscox provides cybersecurity insurance for small businesses and gives the option to upgrade the coverage to include claims related to an organization’s online content, including intellectual property disputes, defamation, and negligence. Businesses gain access to training modules to reduce their risk through employee awareness. Hiscox also provides coverage for business interruptions stemming from tech failures and programming errors in addition to cybersecurity attacks.
Chubb offers standalone cybersecurity insurance and an enterprise risk management solution that includes a cyber insurance policy, so you can get the coverage that meets the requirements of your industry or product. The policies are flexible, and you can choose which coverage to add to keep your business safe while staying within your budget. Chubb also offers other business insurance policies, allowing businesses to keep all of their policies under the same umbrella. The insurance also includes risk consulting to help you identify vulnerabilities and protect your business.
Does cyber insurance make sense for your business?
Small businesses and startups may not be able to justify the expense of cybersecurity insurance, especially if they don’t yet have a large portfolio or many digital assets. However, large enterprises that carry a lot of PII or financial information for their customers should invest in cyber insurance to protect themselves against legal and recovery expenses in the case of a breach. Because of the high costs associated with cyberattacks, a single breach could cause some businesses to go bankrupt unless they have cyber liability coverage.
Whether or not you invest in cyber insurance, you should add cybersecurity tools to your tech stack to prevent data breaches in the first place. With our Security Software Product Selection Tool, you’ll get a free, personalized list of security software recommendations in as little as five minutes. Or, you can call (855) 718-1369 to speak with one of our experts today.
Top Cybersecurity Software Recommendations
If your Active Directory isn’t secure, nothing is. Avoid single points of failure with comprehensive hybrid AD protection. Modernize your AD. Get lifecycle defense for identity-based attacks before, during, and after an attack, all supported by a dedicated incident response team.