Cybersecurity insurance is essential for protecting businesses from financial losses due to incidents such as data breaches, hacking, ransomware attacks, and more. If your small business stores sensitive information digitally, it’s crucial to have some form of cyber insurance coverage.
Cyber insurance can be purchased as an add-on to a business owner’s policy or as a standalone policy. Here’s an overview of what cybersecurity insurance covers and where to buy a policy.
Types of Cybersecurity Coverage
Cybersecurity insurance generally falls into two categories: first-party coverage and liability coverage. These policies protect businesses in different scenarios. Technology businesses should also consider technology errors and omissions (E&O) coverage, which is related but distinct.
First-Party Coverage
First-party cybersecurity insurance covers expenses such as:
– Investigating the incident.
– Assessing the risk of future cyber incidents.
– Lost revenue due to business interruption.
– Ransomware attack payments, within coverage limits.
– Notifying customers about the incident and offering anti-fraud services like credit monitoring.
Data breach insurance is the most common type of first-party cybersecurity coverage.
Third-Party or Cyber Liability Coverage
Cyber liability coverage protects your business if a third party sues you for damages resulting from a cybersecurity incident. It typically covers:
– Attorney and court fees.
– Settlements and court judgments.
– Regulatory fines for noncompliance.
General liability insurance does not cover data-breach-related liability claims, so businesses that store customer data should consider a separate cyber liability insurance policy.
Technology Errors and Omissions (E&O)
Technology E&O insurance covers incidents where a cybersecurity issue occurs due to an error on your part, affecting a customer’s business. This coverage is important for businesses that manufacture technology products or provide technology services. For example, if a customer’s financial data is stolen due to a flaw in your accounting software, technology E&O insurance would cover legal fees, court costs, and settlements or judgments in these specific circumstances.
Who Needs Cybersecurity Insurance?
Any business, regardless of size, can be at risk for cybercrime. However, cybersecurity insurance is particularly crucial for:
Businesses Storing Sensitive Data
If your business stores important data like phone numbers, credit card numbers, or Social Security numbers, either online or on computers, you are at risk of a cyberattack. In this case, data breach insurance is essential. For businesses storing sensitive customer data, cyber liability coverage is also important.
Businesses with Large Customer Bases
Companies with extensive customer bases can face significant costs in notifying customers of data breaches, often required by state law. First-party policies can cover these costs and any regulatory fines that may follow a data breach.
Businesses with High Revenue or Valuable Digital Assets
Cyber incidents can result in unpredictable costs, especially for larger companies with valuable data. Such companies may face higher ransom demands in ransomware attacks. Cyber insurance can help mitigate these potential losses.
What Does Cybersecurity Insurance Exclude?
While cybersecurity insurance offers significant protection against a variety of cyber threats, it does have its exclusions. Here’s what cybersecurity insurance typically does not cover:
Property Damage
Cybersecurity insurance usually doesn’t cover property damage resulting from a cyber incident. For example, if your hardware is damaged during a data breach or cyberattack, this type of claim would generally fall under commercial property insurance.
Intellectual Property
Losses related to intellectual property and any associated lost income during a cyber incident are often excluded from cybersecurity insurance coverage.
Crimes or Self-Inflicted Cyber Incidents
If your business is involved in committing a crime related to or causing a cyber incident, cybersecurity policies typically won’t provide coverage. However, commercial crime insurance may cover theft committed by employees.
Costs for Proactive Preventive Measures
Expenses for proactive measures to prevent future cyberattacks, such as employee cybersecurity training or setting up a virtual private network (VPN), are generally not covered by cyber insurance policies.
How to Get Cybersecurity Insurance
You can purchase cybersecurity insurance through most business insurance providers. Many companies offer cybersecurity or data breach insurance as an add-on to a business owner’s policy. However, this might not provide sufficient coverage for businesses with more complex needs.
To understand the potential cost of cybersecurity insurance for your business, it’s advisable to obtain multiple quotes. You can do this quickly through online business insurance providers or by working with a business insurance agent, who can help you compare quotes and find the best coverage at the best price.
Best Cybersecurity Insurance Options
Here are some top business insurance companies to consider for your cyber insurance coverage:
Chubb: Best Overall Cyber Insurance for Small Businesses
Chubb’s Cyber ERM (Enterprise Risk Management) policy provides extensive protection, covering ransom payments, data recovery, customer notifications, and legal defense costs. It also helps compensate for income lost during the recovery period. You might be able to purchase a policy online. Read NerdWallet’s review of Chubb small-business insurance for more information.
The Hartford: Best for Adding Coverage to a Business Owner’s Policy
The Hartford allows you to add data breach insurance to a business owner’s policy or general liability insurance policy. Their cyber coverage can help with costs related to customer notifications, incident investigations, and legal defense. Read NerdWallet’s review of The Hartford business insurance for further details.
Travelers: Best for Cyber Liability Coverage
Travelers offers comprehensive cyber insurance options, including tailored cyber liability insurance and technology errors and omissions insurance. Smaller businesses might consider the CyberFirst Essentials product, which covers data breach investigations, customer notifications, and legal costs. You’ll need to work with an agent to get a quote. Check out NerdWallet’s review of Travelers business insurance for more insights.
Three Insurance: Best for Comprehensive Insurance Coverage
Three, a Berkshire Hathaway company, provides extensive business insurance coverage, including cyber liability and data breach protection. It’s a good option for business owners who prefer managing a single policy. Note that it’s available in only 23 states. For more details, read NerdWallet’s review of Three business insurance.
How Much Cybersecurity Coverage Do I Need?
Most small businesses typically carry around $1 million in cybersecurity coverage limits. However, the right amount of coverage depends on your specific risks and needs. An insurance agent can help you determine the appropriate level of coverage for your business.
Cybersecurity insurance premiums can be substantial. According to Insureon, the median cost of a policy is $140 per month ($1,675 annually). Despite the cost, having this coverage can be more economical than rebuilding your business from scratch after a cyberattack.
A 2021 report from Hiscox, an insurance provider, found that among small businesses with fewer than 250 employees, the average reported cost of a cyberattack was about $25,600. Such an amount could be enough to shutter some small businesses, highlighting the importance of having adequate cybersecurity insurance.
By understanding these exclusions and considerations, you can make informed decisions about cybersecurity insurance and better protect your business from potential cyber threats.