Cybersecurity Insurance: What It Covers, Who Needs It

In the event of a hack, cyber insurance can shield your company. It is crucial that you obtain coverage before an attack happens.

RCS hosted a webinar with an insurance broker and underwriter.

Here are our 4 biggest takeaways:

  • If you manage client data or hold information about your company online, you should carry cybersecurity insurance.

  • The cost of notifying your consumers about a breach, legal defense, and other expenses may be covered by cybersecurity insurance.

  • Cybersecurity insurance includes policies for data breaches and cyber liability.

  • You might be able to supplement your business owner's policy with some cyber insurance.

Businesses are shielded from financial losses by cybersecurity insurance from events like data breaches and theft, system hacking, ransomware extortion, and more. You should have at least some cyber insurance coverage if your small business keeps sensitive data online or on a computer.

You can acquire cyber insurance independently or as an add-on to a business owner's policy from several insurers. What cybersecurity insurance covers and where to get a policy are listed below.

What are the types of cybersecurity coverage?

First-party or liability coverage is typically available for cybersecurity insurance; these plans offer protection to businesses under various conditions. If your company is in the technology industry, you should also think about including the different but related technological errors and omissions coverage.

First-party coverage

First-party cybersecurity insurance covers the costs of things like: 

  • Investigation of the incident.

  • Risk assessment of future cyber incidents.

  • Lost revenue due to business interruption.

  • Ransomware attack payments based on coverage limits.

  • Notifying customers about the cyber incident and providing them with anti-fraud services such as credit monitoring.

The most common first-party cybersecurity coverage is data breach insurance.

Third-party or cyber liability coverage

Cyber liability coverage can protect your business if a third party sues you for damages as a result of a cybersecurity incident.

Cyber liability coverage generally pays for:

  • Attorney and court fees associated with legal proceedings.

  • Settlements and court judgments.

  • Regulatory fines for noncompliance.

General liability insurance excludes coverage for data breach-related liability claims, so if your business stores customer data, you’ll want to consider a separate cyber liability insurance policy. 

Technology errors and omissions

A technology errors and omissions, or E&O, policy kicks in if a cybersecurity incident occurs in a customer’s business because of an error on your part. If your company develops technology products or offers technology services, you should think about purchasing this coverage.

First-party or liability insurance, for instance, would offer protection if a customer's financial information was stolen from your computer. However, you're now in the tech E&O zone if you create an accounting software application with a bug in the coding, and as a result, the customer's data is directly stolen from their computer.

Legal fees, court costs, and judgments or settlements are among the things that technology E&O pays for, much like cybersecurity liability insurance, but only in specific situations involving goods or services.

Which businesses need cybersecurity insurance?

Almost any business — no matter its size — can be at risk for cybercrime. But cybersecurity insurance is especially important for:

  • Businesses that store important data online or on computers. If your business stores important data, such as phone numbers, credit card numbers, or Social Security numbers — either online or on a computer — you are at risk of a cyberattack. You should consider data breach insurance. If you store sensitive customer data, consider cyber liability coverage, too. 

  • Businesses with large customer bases. Insurance can help cover certain regulatory fines these businesses might be subject to following a data breach. Notifying customers of data breaches is often required by state law, and first-party policies can cover this cost, which can be significant for companies with large consumer bases.

  • Businesses with high revenue or valuable digital assets. The costs associated with cyber incidents can be difficult to predict, and larger companies are likely to have more valuable data, which could come with a more expensive ransom. 

If you are unsure whether you need cybersecurity insurance, consider speaking to a business insurance agent near you to assess your risk level and potential premiums to determine if it's the right investment for your company.

What does cybersecurity insurance exclude?

Cybersecurity insurance does not pay for the following: 

  • Property damage. Cybersecurity insurance generally doesn’t pay for any property damage stemming from a data breach or cyberattack, such as hardware that was fried during the cyber incident. These sorts of claims are usually covered by commercial property insurance.

  • Intellectual property. During a cyber incident, intellectual property losses and any lost income associated with it are commonly excluded from cybersecurity insurance coverage. 

  • Crimes or self-inflicted cyber incidents. Virtually no cybersecurity policy is going to cover a business that is charged with committing a crime related to or causing a cyber incident. Commercial crime insurance generally covers theft by employees, though.

  • Costs for proactive preventive measures. Protective measures to avoid a future cyberattack, like training employees on cybersecurity and setting up a virtual private network, probably won’t be covered by a cyber insurance policy. 

How do I get cybersecurity insurance?

Most suppliers of commercial insurance offer cybersecurity insurance. We recommend Munich Re Specialty Group Insurance and Marsh & McLennan Agency.

Although this may not be enough coverage for firms with more complicated demands, several business insurance providers offer cybersecurity or data breach insurance as an add-on to their business owner's policy.

Obtain several business insurance quotes to get an idea of how much cybersecurity insurance is likely to cost for your company. You may quickly get the greatest coverage at the lowest cost by comparing quotes from internet business insurance providers, or you can work with a business insurance agent.

How much cybersecurity coverage do I need?

The average small firm has cybersecurity coverage limits of $1 million. However, as every business has unique risks and requirements, an insurance agent can assist you in choosing the appropriate level of coverage.

The rates for these policies can be rather high; according to the insurance marketplace Insureon, the average cost of coverage is $140 per month ($1,675 yearly). But paying for that can be less expensive than starting a company from scratch.

According to a report from the insurance company Hiscox from 2021, the average reported cost of a cyberattack among small enterprises with fewer than 250 employees was roughly $25,600. Some small businesses might be forced to close with that much money.



For more information on optimizing your IT and securing your network, contact RCS Professional Services to speak with an IT professional or visit our website You can also visit on youtube channel to view our past live stream on Everything You Must Know About Cyber Insurance.

Robert M. Long, Risk Management Consultant at Marsh & McLennan Agency

James Brogan, Vice President & Regional Underwriting Manager at Munich Re Specialty Group Insurance

Popular posts from this blog

Changes to the Microsoft Outlook Search Bar --- Yay or Nay?

Microsoft Outlook users will be surprised to hear their email search bar has moved up, both in location and use. The search bar can now be found at the very top of the email portal.

Voice Cloning – A Growing Cybersecurity Threat

Challenges emerge in the ever-evolving landscape of cybersecurity, just when one believes they have a firm grasp on managing diverse digital risks. We would like to shed light on a rising concern known as voice cloning. This advanced technique employs artificial intelligence (AI) to replicate an individual's voice and manipulate it to articulate any desired message. However, as we delve deeper into this technology, it becomes apparent that its implications carry significant risks. The dangers associated with voice cloning are increasingly being acknowledged, prompting a need for heightened awareness and vigilance.