December 21, 2021

Is Cybersecurity Insurance Worth It?

Written by
Why is TechnologyAdvice Free?

In 2021, the average total cost of a data breach rose to $4.24 million, up from $3.86 million in 2020. In response to these rising costs, a new industry has emerged: cybersecurity insurance. While there are benefits to purchasing cybersecurity insurance, the product is mostly new and untested, leaving many variables for the buyer. So, is cybersecurity insurance worth it, and is it right for your business?

Cybersecurity insurance overview

What is cybersecurity insurance?

Cybersecurity insurance is a type of liability coverage that can help cover the data recovery costs businesses face when dealing with ransomware or similar attacks. Cyber liability insurance also covers court and attorney fees, settlements, and compliance fines should a data breach happen and affect a third party. For software vendors and managed services providers (MSPs), an errors and omissions (E&O) policy covers bugs in an application you provided or mistakes you make in configuring your client’s network.

Businesses purchase cyber insurance to offset the costs they face in the aftermath of a cyberattack by moving some of the costs to the insurer in exchange for a recurring fee, typically monthly or quarterly. There are usually several different policy options to choose from, along with add-ons for extra coverage.

Who needs cyber insurance?

Businesses need cyber insurance if they handle or store:

Additionally, businesses with large customer bases or valuable data assets have a lot to lose from a ransomware attack and should add cyber liability insurance to keep themselves afloat in case of a breach. Cyber insurance can also help out with the loss of revenue from downtime for e-commerce and similar businesses.

Pros of cyber liability insurance

Breaches on their own can be costly, and that doesn’t even include lawsuits that businesses may face as the result of a breach. Cybersecurity insurance protects organizations from a variety of costs that can arise as the result of a cyberattack, including ransoms, legal fees, and hiring cybersecurity experts to recover data. With some cyber insurance, the policy may also cover the cost to provide identity protection to customers affected by a breach, allowing businesses to retain the trust of their customers. 

Thanks to cybersecurity insurance, businesses can also afford to hire forensic cyber investigators to determine the cause of the breach, identify any major vulnerabilities, and gather evidence for criminal reports if necessary. Policies may also provide 24/7 access to investigators, allowing businesses to investigate the breach immediately after discovery.

Cons of cyber liability insurance

Despite the benefits of cyber liability insurance, it doesn’t cover everything that a breach may cost businesses. Most cybersecurity insurance won’t provide coverage for:

  • Property damage (should be included in commercial property insurance)
  • Losses of intellectual property (this is a different type of coverage)
  • Costs of preventative measures (like backup and recovery software)

Additionally, most policies won’t cover incidents knowingly caused by a business’s employee. For example, if one of your employees steals credit card information from your database, uses it for purchases, and then the customer sues your company, your cyber insurance policy wouldn’t cover any costs related to that incident. For a full list of everything your policy will and won’t cover, you’ll need to talk to your insurance provider.

Also Read: 5 Keys to Writing Your Incident Response Plan

Best cybersecurity insurance providers

The following cyber insurance providers offer flexible options for coverage and include add-ons that increase protection.


AIG offers standalone cybersecurity policies as well as the option to add cyber insurance to an existing commercial property insurance policy, which is great for businesses that already use AIG. The claims hotline is available 24/7 and provides access to a variety of relevant vendors including forensic investigators and recovery experts. AIG also provides preventative services, including phishing training and simulation, infrastructure vulnerability scans, and risk consulting options.

AIG insurance logo.


Hiscox provides cybersecurity insurance for small businesses and gives the option to upgrade the coverage to include claims related to an organization’s online content, including intellectual property disputes, defamation, and negligence. Businesses gain access to training modules to reduce their risk through employee awareness. Hiscox also provides coverage for business interruptions stemming from tech failures and programming errors in addition to cybersecurity attacks. 

Hiscox cyber insurance logo.


Chubb offers standalone cybersecurity insurance and an enterprise risk management solution that includes a cyber insurance policy, so you can get the coverage that meets the requirements of your industry or product. The policies are flexible, and you can choose which coverage to add to keep your business safe while staying within your budget. Chubb also offers other business insurance policies, allowing businesses to keep all of their policies under the same umbrella. The insurance also includes risk consulting to help you identify vulnerabilities and protect your business.

Chubb cybersecurity insurance logo.

Does cyber insurance make sense for your business?

Small businesses and startups may not be able to justify the expense of cybersecurity insurance, especially if they don’t yet have a large portfolio or many digital assets. However, large enterprises that carry a lot of PII or financial information for their customers should invest in cyber insurance to protect themselves against legal and recovery expenses in the case of a breach. Because of the high costs associated with cyberattacks, a single breach could cause some businesses to go bankrupt unless they have cyber liability coverage. 

Whether or not you invest in cyber insurance, you should add cybersecurity tools to your tech stack to prevent data breaches in the first place. With our Security Software Product Selection Tool, you’ll get a free, personalized list of security software recommendations in as little as five minutes. Or, you can call (855) 718-1369 to speak with one of our experts today.

Top Cybersecurity Software Recommendations

1 NINJIO Cybersecurity Awareness Training

Visit website

NINJIO prepares organizations to defend against cyber threats through their engaging, video-based training courses. They earned the highest score among providers named "Customer's Choice" in Gartner's 2022 "Voice of the Customer” Security Awareness Computer-Based Training report. Teams love NINJIO because of their Hollywood-style microlearning episodes, each based on recent, real-world breaches. Click below to get the full Gartner report and 3 free episodes, and see why everyone loves NINJIO.

Learn more about NINJIO Cybersecurity Awareness Training


Visit website

Protect your company computers, laptops and mobile devices with security products all managed via a cloud-based management console. The solution includes cloud sandboxing technology, preventing zero-day threats, and full disk encryption capability for enhanced data protection. ESET Protect Advanced complies with data regulation thanks to full disk encryption capabilities on Windows and macOS. Get started today!

Learn more about ESET PROTECT Advanced

3 Managed Threat Complete

Visit website

Managed Threat Complete extends your team fast with Rapid7 MDR analysts and digital forensics and incident response experts working side-by-side. Your environment is monitored 24/7/365, and threats are acted on, end to end. Data collection is unlimited. Incident response, unlimited. Vulnerability management, unlimited. And it’s consolidation with a strategy: you proactively handle your risks, and Rapid7 reacts for you when a threat gets real.

Learn more about Managed Threat Complete

Need a Little Help?

Talk with a software expert for free. Get a list of software that’s great for you in less than 15 minutes.

Technology Advice is able to offer our services for free because some vendors may pay us for web traffic or other sales opportunities. Our mission is to help technology buyers make better purchasing decisions, so we provide you with information for all vendors — even those that don't pay us.