What is Cyber Insurance?

Get a Quote

Cyber insurance, also known as cyber liability insurance, covers business liability for damages resulting from data breaches involving sensitive data – which can range from clients’ personal information to corporate IP and trade secrets.

While this may seem like a niche problem, it’s becoming a real concern as more and more businesses and organizations are increasingly online and digital. In fact, the post-pandemic landscape has accelerated the adoption of digital tech and remote work for many businesses, from large enterprises to local mom-and-pop shops. Unfortunately, this greater access also puts everyone at greater risk for cyber attacks like data breaches, ransomware, and other malicious hacks.

Trust us — you don’t want to wait until after a cyber attack to think about insurance coverage. Cyber insurance can cover you from first-party cyber attacks, as well.

Our team at C&S can find the cyber insurance policy that’s right for your business. We not only want to help protect you in the event of a cyber attack, but we also want to put your mind at ease.

Does General Liability Cover Cyber Liability?

General liability is specifically for bodily injury and property damage, and personal and advertising injuries resulting from your products, service, or operations. It’s not intended to cover damage resulting from data breaches and other cybercrime, which is why it’s so important to find the right cyber insurance to cover your business in case of a cyber attack.

Who Needs Cyber Insurance?

Increasingly, everyone! While large businesses have always been targets for cybercrime, small businesses are more at risk than ever. Data breaches aren’t just caused by hackers and employee negligence; scams are an extremely common means of compromising login information and passwords. According to the F.B.I., business email compromise (BEC) is a rising problem across all industries, to the tune of $26 billion dollars across small, medium, and large businesses.

The year 2020 alone saw 1,473 data breaches that affected business, medical/healthcare, education, finance, and government. These breaches have real costs that can damage or even cripple a business. Let’s take a look:

  • The main cost of cyber attacks is business interruption, where either important data is lost permanently, or a business simply cannot operate. These attacks account for around 60% of the value of all claims analyzed, followed by the recovery and repair costs involved with dealing with data breaches.
  • Ransomware incidents are a particularly devious attack, and account for up to 18% of all cyber insurance claims. A hacker will acquire login credentials to your business’ network and then either lock it out of access or threaten to release sensitive data unless a ransom is paid. CoveWare reports that the average ransomware payment in the third quarter of 2020 was $233,817 — up 31% from the second quarter.

How Much Does Cyber Insurance Cost?

Much like any other type of insurance, the cost will depend on different risk factors, including the following:

  • Overall security of the network
  • Size of the business
  • Average annual revenue
  • Industry the business operates in
  • Type of data that the business typically deals with

Businesses have different levels of risk. For small contractors, a limit of $250,000 in coverage is a good starting point. Some cyber insurers will offer $1,000,000-plus.

A large business that operates in the tech space and handles sensitive data is likely to be a high value target for cybercrime, and therefore at higher risk. Increasingly, hospitals and other healthcare providers are also a favored target for ransomware attacks. Organizations and businesses that have a previous history of data breaches will also likely be charged more for a cyber insurance policy than those that have good security reputations.

If you want to do more to keep your network secure, train your employees on how to spot scams and provide more online security. You can start by following these tips from the F.B.I. on how to better protect yourself from cybercrime. And then don’t forget to purchase the right kind of cyber insurance for your business. Cyber insurers are another great resource for tips to protect yourself from cybercrime.

What Does Cyber Insurance Cover?

Cyber insurance is designed to cover the costs of security failures, which can involve data recovery, legal defense, and making reparations to customers. This can include:

  • First-party breaches like ransomware and phishing scams
  • Legal fees and related expenses from lawsuits
  • Notifying customers about a data breach and data loss
  • Restoring the personal identities of affected customers
  • Repairing damaged computer systems and networks
  • Recovering compromised or ransomed data
  • Related third-party losses

What Is Not Covered by Cyber Insurance?

Not all possible damages arising from a cyber attack are covered by cyber insurance. Generally, a cyber insurance policy will not typically cover:

  • Potential future losses due to breached data
  • Loss of value due to theft of your intellectual property
  • Losses due to damage in reputation due to a cyber-attack
  • Software or security improvements to computers and networks

Different cyber insurance policies will have different exemptions and possibilities for enhancement, so it’s worth your time to look deeply at what a policy provides instead of settling for blanket coverage. For example, does the definition of “computer system” in the policy also account for employees who are working from home? If an employee opens a work-related email on their cell phone that causes a data-breach, is that also covered under your policy?

Exact coverage will depend upon the policy, which is why it’s best to consult with us. We can direct you toward the coverage that will protect your business and data.


Q: In terms of cyber insurance, what’s changed since the COVID-19 pandemic?
A: As more of the workforce moved toward a work-from-home environment, employees had to rely upon their private computer and technology setups. This means a greater risk of breaches as home work stations may connect to the business network through an unsecured connection. While at home, employees may also decide to work on home systems or check personal email and social pages on company equipment, which increases vulnerability to social engineering breaches like phishing and BEC scams.

Cyber insurance policies should offer coverage for breaches caused over home connections, otherwise they’re missing an area of high vulnerability.

Q: Will cyber insurance prevent a cyber attack or data breach?
A: Unfortunately, insurance cannot prevent an attack or a breach. But it’s important to note that there’s no preventive measure that will 100% protect you from a potential data breach. Therefore, cyber insurance serves as an invaluable protection to recover from losses. Again, cyber insurers make a tremendous effort to put important information in the hands of their clients to help mitigate the risk of a cyber attack from occurring.

Q: What’s the future of cyber insurance?
A: Unfortunately the frequency of cyberattacks is predicted to increase and social engineering attempts by cyber criminals are likely to get harder to detect. Cyber criminals are continuously changing, evolving, and shifting their craft, so cyber insurance policies need to be increasingly flexible in order to cover all the possible points of access and potential risks.

Q: Does cyber insurance have a deductible?
A: Like most other types of policies, cyber insurance has deductible payments. You should be able to select the amount of your deductible dependent upon your policy and needs. If your business can expect massive losses due to a single data breach, you may want a high amount of coverage in exchange for a higher deductible. If your business is suffering smaller, yet constant cyber attacks, then it’d make more sense to opt for a lower coverage in exchange for a smaller deductible.

Q: Is cyber insurance worth it?
A: If you conduct any business online (which is the case for most), it’s definitely an important consideration. If your business is employing a Customer Relations Management (CRM) or Enterprise Resource Planning (ERP) system, then there are fundamental aspects of your business that are at risk in case of a breach. In those cases, cyber insurance is more than worth it — it’s a necessity.

Protect Your Business With C&S Insurance

With C&S Insurance, you can expect dedicated support from someone who knows your business. We’re more than just an insurance agency; instead of calling a 1-800 number or self-service menu, you can contact your account manager directly to ask questions and explain what you’re looking for. We’ll take the time listen, help you prioritize your risk, and develop a cyber risk management program customized to your business.

Plus, through our partnerships with specialized cyber insurers, our insurance agents always keep up to date on the latest in cyber insurance news and trends.

We’re just a phone call or email away! Contact us at 508.339.2951 or info@candsins.com and we’ll be in touch.