If you've ever been the victim of a cyber attack, you likely know the importance of having cyber insurance, especially if you own a business. Cybercrime costs are expected to reach $10.5 trillion by 2025, according to Cybersecurity Ventures. Cybercrime is especially devastating for small- and medium-sized businesses, which may not have the resources to recover.
Cyber insurance is 1 aspect of a cybersecurity plan. Learn more about this type of coverage and how it works.
What is Cyber Insurance?
Cyber insurance helps your business with the costs of recovering from a cyberattack.
Businesses of all sizes are frequent targets for cybercriminals because businesses have valuable data, including their customers’ personal data and payment information.
Best Cyber Insurance Companies
Want to compare providers side-by-side? Here are Benzinga’s recommendations.
- securely through Simply Business Insurance's websiteBest For:Tailored coverageRating:
Cyber Insurance Coverage
Cyber insurance covers a range of losses related to a cybersecurity breach. The exact coverage varies by policy, but in general, it includes:
- The costs of notifying customers of a security breach
- Identity theft protection and credit monitoring for affected customers
- The costs of recovering data
- The costs of repairing damaged hardware and software
- The cost of hiring a public relations firm to help your business deal with the fallout
It also helps to cover the cost of lawsuits from customers who have had their personal data compromised.
Types of Cyber Liability Insurance
Policies vary by company, so it’s critical to review the coverage carefully and choose a policy that fits your business’ needs. Policies typically include the following types of coverage:
- Network security: This covers costs that your business pays for directly due to a cyberattack, including legal expenses, IT forensics, payment of a ransomware demand, data restorations and credit monitoring and identity restoration for customers.
- Privacy liability: This covers legal costs related to a cyberattack, including defending your business from lawsuits related to the security breach and legal expenses and fines related to regulatory investigations. Businesses working in heavily regulated industries like finance and healthcare should keep these regulatory costs in mind.
- Network business interruption: This coverage helps you if your business has to close temporarily due to a cyberattack or a system failure. It can help with lost profits and other expenses while your business is closed.
- Media liability: This protects you from claims related to intellectual property infringement and covers both online and print advertising.
- Errors and omissions: This protects you if you’re unable to meet business obligations due to a cyberattack. For example, if an accounting firm experienced a cyberattack, it might not meet tax deadlines, causing their clients to incur penalties and fees. This coverage helps pay claims related to performance errors or being unable to perform services.
While these types of coverage are found in most policies, insurance companies also offer add-ons worth considering, including:
- Social engineering coverage: In this type of attack, criminals con employees into revealing compromised information. For example, a criminal might pose as an IT support person and be given access to servers, making it easy to hack into your network. It may be included as part of a crime policy or as part of a cyber insurance policy, so talk to your agent about how to ensure these types of attacks are covered.
- Reputational or brand damage coverage: This type of coverage helps your business recover from the fallout that comes with a data breach. It reimburses you for the losses that come from negative publicity.
- Bricking coverage: This is coverage for hardware that is no longer useable due to a cyber attack.
Advantages and Disadvantages of Cyber Insurance
As with everything, there are pros and cons to cyber insurance. Here are the major advantages and disadvantages.
The main advantage of cyber insurance is peace of mind. It ensures that if your business experiences a cyberattack, you’ll have resources to help you recover. It also ensures that you can assist impacted customers, which is a big step in earning back their trust.
One disadvantage is a lack of consistency across the industry. Each insurance company offers different coverage. It’s important to dig into the details when you shop for insurance to ensure everything you want is included in the policy, either in the base policy or as an endorsement (a policy add-on).
Another disadvantage is, potentially, a false sense of security. It could be tempting to rely on your coverage as a cybersecurity tool when it’s really a back-up in case your security measures aren’t enough.
Some also feel that cyber insurance has emboldened cybercriminals, especially those who commit ransomware attacks. Ransomware is when your system is locked by cybercriminals, and it can only be unlocked with a code.
The hackers demand a ransom in return for the code. Since cyber insurance typically covers these ransom demands, some feel that insurance has encouraged criminals to commit more of these attacks.
Cyber Insurance vs. Cybersecurity
Cyber insurance, as discussed above, is not the same as cybersecurity. Cyber attack coverage is a back-up if cybersecurity measures fail.
It’s part of a comprehensive approach to cybersecurity, which should include:
- Antivirus and anti-malware software
- Regular software patching
- Strong passwords
- Multi-factor authentication
- Device encryption
- Staff education
- Data backups
This is not an exhaustive list of the measures businesses should take for cybersecurity. The Better Business Bureau offers a guide to help you get started or improve your current security stance.
Like any insurance policy, some situations aren’t covered. These include:
- Claims covered by other policies like general or professional liability
- Electrical or mechanical failures
- Deliberately dishonest acts
- Wear and tear of your equipment
- Acts of war, which could include breaches by a foreign power
- Theft of intellectual property (covered in an intellectual property policy)
- Costs associated with improving your security and technology after a breach
Protect Yourself from Cybercrimes
Most businesses would benefit from some sort of cyber security plan. Take the time to get multiple quotes and tailor your coverage to the risks your business faces. It’s an essential part of a comprehensive cybersecurity plan.
Frequently Asked Questions
Q. Is cyber insurance worth the cost?
Many business owners find that cyber insurance is worth the cost because it covers situations that aren’t covered by other types of business insurance.
Some refer to this as silent cyber, which means that most insurance policies are silent about cyber attacks. This means that coverage is typically limited unless you have a policy that specifically covers it.
Q. Who needs cyber insurance?
Businesses that handle customer data or payment information should consider having cyber insurance. In other words, most businesses.
Q. Do individuals need cyber insurance?
Individuals typically only need cyber insurance if they run a business. Otherwise, individuals should consider identity theft insurance, which provides coverage if your data is compromised.
It typically includes identity and credit monitoring, identity recovery assistance and reimbursement for out-of-pocket costs associated with identity theft, including postage and notary costs and possibly lost wages and legal fees.
It doesn’t reimburse you for stolen funds, but banks and credit card companies may be able to assist in those instances.