Sometimes it seems like not a month goes by without some major hack that disrupted a large tech company or retailer. According to IndustryWeek, in 2018 alone there was a 350 percent increase in ransomware attacks, a 250 percent increase in business email compromise and a 70 percent increase in spear-phishing attacks in companies. If you operate a business in the 21st Century, you’re at risk for a hack. So it makes sense to consider cyber insurance. Below we’ll cover what cyber liability insurance is, how much it costs and where you can find it.
- The 10 Best Providers of Cyber Insurance
- What is Cyber Insurance?
- What does Cyber Insurance Cover?
- Who Needs Cyber Insurance and Why?
- Data Breach Insurance vs. Cyber Liability Insurance
- How Much Does Cyber Insurance Coverage Cost?
The 10 Best Providers of Cyber Insurance
We researched 20+ companies offering cyber insurance. Below are the top 10 companies offering cyber insurance that we recommend:
- CoverWallet: Allows You to Compare Online Quotes from Different Insurers
- Zeguro: Specialization in only cyber security products
- Chubb: Customized cyber security packages
- Travelers: Differentiated CyberFirst products that work for a wide variety of business types
- AIG: Comprehensive coverage
- Nationwide: Identity recovery protection and credit monitoring
- Coalition: Provides 1st Person & 3rd Person Coverage
- Corvus: Offers Coverage for Mid- & Large-Sized Companies
- Beazley Cyber Insurance: Provides Specialized Cyber Insurance Policies
- CNA: Offers Risk Assessment & Control Tools
- BCS Cyber Insurance: Established Company & Reputation
CoverWallet – Compare Online Quotes from Different Insurers
If you would rather find a one-stop-shop where you can compare coverage from different companies, consider CoverWallet. This online brokerage allows you to request quotes from multiple insurance providers, like Chubb and Hiscox, and Liberty Mutual. CoverWallet also helps you find quotes for other kinds of commercial insurance, including general liability, BOPs, and workers’ compensation.
If you buy a policy through CoverWallet, you will be able to access their digital dashboard where you can manage all of your business insurance policies in one place. The dashboard offers great digital features allowing you to manage your policies conveniently such as downloading the certificate of insurance, filing a claim, or renewing your policy timely.
Zeguro – Specialization in only cyber security products
This company specializes in cyber safety services. It offers insurance, monitoring, compliance, and training to keep your systems secure. A nice perk is that you can get a free trial of this service.
Zeguro’s site allows you to get an insurance quote. We selected a $500,000 aggregate limit and $5,000 deductible. Once you get to the end of your questionnaire for your business, you get a screen telling you the company will email you a secure login to get your quote from the system.
We’re still waiting on this email after about one day. There is also a support email or 800 number to call.
Chubb – Customized cyber security packages
A major player in the business insurance world, Chubb also offers a wide variety of cyber liability insurance products. The company specializes in combining different cyber security products together for a package that helps different types and sizes of businesses. As such, the company wants you to contact them directly through an online contact form or find an agent to start the quote process.
Travelers – Differentiated CyberFirst products that work for a wide variety of business types
Travelers offers a wide variety of coverage options for small businesses all the way up to Fortune 500 companies. It offers broad cyber liability coverage and expense reimbursement. You can find the CyberFirst program geared specifically for technology companies or public entities. It also offers a CyberFirst Essentials package for small businesses. This company also works through agents.
AIG – Comprehensive coverage
If you’re looking for comprehensive coverage, you’ll want to consider AIG. Its CyberEdge product covers financial costs in the event of a data breach, as well as costs for issues like cyber extortion and data restoration, as a few examples. It also has the CyberEdge Plus that covers physical losses from a data breach, like business interruption. Plus, there’s CyberEdge PC, which offers excess coverage on property and casualty policies. To start the process, AIG wants you to submit an online contact form.
Nationwide – Identity recovery protection and credit monitoring
Nationwide offers several different types of cyber insurance coverage. It breaks down the services into three categories: data compromise protection, identity recovery protection, and CyberOne protection (which protects against and repairs damage caused by a computer attack or virus). The data compromise protection is notable in that it includes credit monitoring.
Coalition – Specializes in 1st & 3rd Person Coverage
A fairly new company, Coalition is dedicated to providing cybersecurity insurance and all of the related aspects of it. Coalition sets itself apart by providing both 1st and 3rd person coverage for customers. With first person coverage, your company will be reimbursed for costs that affect your company, like hiring lawyers, paying to recover your servers, and paying regulatory fines. With third person coverage, your customers will also be covered against related costs, such as having their identities stolen.
>>MORE: Coalition Cyber Insurance Review
Corvus – Focuses on Mid- to Large-Size Companies
Another new insurance provider, Corvus fills the need for cybersecurity coverage with larger companies. They offer three standard packages,
- Smart Cyber: Insures companies with up to $2 billion in annual revenue with $10 million in coverage.
- Smart Tech and E&O: A similar type of coverage dedicated to technology products and services.
- Smart Cargo + Cyber: Covers shipments and cargo that are lost or rerouted in transit via a cyberattack or breach.
>>MORE: Corvus Cyber Insurance Review
Beazley Cyber Insurance – Provides Specialized Cyber Insurance Policies
A specialist insurance company, Beazley offers tailored cyber security and breach products for clients. They work with small, mid-size, and large firms to create a policy that meets each one’s specific needs. Beazley’s four main coverage types include:
- Cyber Breaches
- Data Security and Privacy Exposures
- Online and Offline Media Coverage
- Media Coverage for Entertainment Companies
CNA – Offers Risk Assessment & Control Tools
CNA not only offers comprehensive cyber insurance policies, they also work with customers to mitigate the risks of a breach in the future. Their CyberPrep program features a three-pronged approach to security starting with an assessment of the client’s cybersecurity and recommendations for improving policies, software protection, and processes. They also provide help dealing with cyber breaches and related incidents.
BCS Cyber Insurance – Established Company & Reputation
Initially started to provide health insurance over 60 years ago, BCS Insurance Company expanded to offer other insurance coverages in the 2000s. Now they offer a variety of coverage, including cyber insurance. BCS only offers their policies through agents, so you’ll need to contact them for a referral to an agent who can assist your company with getting cyber liability insurance.
What is Cyber Insurance?
Cyber insurance can seem confusing at first because it tends to be listed in several different terms. You’ll also see it listed as cyber liability insurance, cyber security insurance, and data breach insurance. All of these protect you in the event that you’ve been digitally compromised. These policies can protect you from the legal fallout of cyber-attack or help with restorations after the fact. Policies also cover the direct costs of such a hack.
The Insurance Information Institute (III) lists several of the costs that tend to be covered by cyber liability coverage:
- Liability: The costs that affect customers and third parties after a cyber-attack
- System recovery: Replacing or repairing electronics after damage and breaches, plus losses from when a system is down
- Notification expenses: These relate to the costs of notifying customers, clients and others when you have had a data breach or similar event
- Class action lawsuits: When data and privacy are compromised, lawsuits can go after the company to recoup losses
- Regulatory fines: If the breach happened because you did not meet regulations, you could face fines
Cyber insurance can also cover additional issues related to hacks, like loss of data itself, business interruption, identity theft, cyber extortion and reputation recovery.
>>MORE: Cyber Insurance: What It Covers & Why Every Business Needs It
What Does Cyber Insurance Cover?
Cyber insurance covers when your company has had a cyber-attack event, such as a data breach or a hack. Most of the recent cyber security breaches that have appeared in the news cost companies thousands or millions of dollars in ransom to remove malware from their computer systems. A good cyber insurance policy can cover the payment of ransom as well as negotiations with the hackers.
These policies are very new on the market so they do vary in what they can cover, but often they can also help with the expenses incurred with:
- Recovery After Identity Theft
- Reputation Management
- Lost Profits
- Cost Of Stolen or Damaged Goods
- Hardware & Software Replacement
- Customer Notification Costs
- Legal Fees & Settlements
- Regulatory Fines
What Doesn’t Cyber Insurance Cover?
Thankfully, most cyber insurance policies provide a broad range of coverage in addition to regular monitoring services. There are a few things that your cyber insurance may not cover, like:
- Costs of improving your computer systems, network, security
- Loss of intellectual property, like a movie script being stolen and leaked online
- Loss of potential future profits, like the profits from the potential sale of goods that were redirected by a cybersecurity breach.
There may also be exclusions that you need to worry about when maintaining your coverage and filing a claim. Insurers usually deny claims if:
- You fail to maintain minimum security standards.
- You file a claim for bodily injury and property damage; other types of insurance provide coverage for these events.
- The loss is the result of war, terrorism, invasion, or insurrection.
- The act occurred before the coverage start date.
Some insurers may also exclude coverage of your employee’s laptops if they bring them home for work, and certain regulatory fines that your company incurs after a breach.
Who Needs Cyber Insurance? And Why?
Even if you do everything right, like update your antivirus software and encrypt your data, hackers are always finding ways around corporate security measures. Often, lawsuits can result when private information is compromised after a hack. It can also be expensive to recover data and clean up your reputation after a hack.
Cyber liability insurance protects companies in many industries who may be exposed to the internet or even work online. If you have a computer network and servers with valuable data on them, your company could be hacked. Some industries that have featured prominent cyber breaches in the past include:
- Online Retail
- Social Media
- Manufacturing
- Utilities
- Local & Regional Government
- Insurance
- Automotive
Learn more why all businesses should get cyber liability insurance
What Affects the Cost of Cyber Insurance?
Cyber security insurance is another one of those insurance types that can vary drastically based on a number of different conditions. According to Progressive Commercial, those factors can include:
- Coverage needs and limits: Like other insurance types, higher payout limits translate to higher premiums, and larger / riskier businesses will need higher limits
- Network security: You could reduce your costs by showing that you have a secure network
- The type of profession you work in: Some professions collect larger amounts of sensitive data, which can lead to higher potential losses
- Claims history: If you’ve filed a claim in the past, that can increase premiums
- Data access: Who accesses your data can affect risk, such as if third-party contractors regularly access your network; more people accessing your network can mean more of a risk that your data could be compromised
For example, cyber liability insurance can cost anywhere from $500 annually to $5,000 or higher. On the extreme end, large-scale businesses with a high degree of sensitive data may need $3 million in protection and could pay more than $25,000 annually.
How Much Does Cyber insurance Coverage Cost?
Like all insurance types, prices could vary depending on business size and what types of insurance you can get. The quote we were able to retrieve from CoverWallet quoted us at $75 per month for a small accounting company through BCS. However, it’s challenging to get quotes online directly from companies because cyber security insurance is a specialized product that is sourced best directly from agents and reps.
It is always a good idea to shop around with a few companies or work with a digital broker like CoverWallet to compare several quotes before selecting the final one for you.
Learn more at How Much Does Cyber Liability Insurance Cost?
Cyber Liability Insurance vs. Data Breach Insurance: How Are They Different?
Cyber liability insurance and data breach insurance are the two popular types of cyber insurance. They offer similar coverages. However, they are designed for businesses of different sizes.
Data breach insurance is designed primarily for small businesses, while cyber liability insurance is for mid-sized or big enterprises. Learn more about the best data breach insurance companies for small businesses.
Data breach insurance coverage:
If your small business becomes a victim of a cyber crime, data breach coverage can help pay to:
- Notify impacted customers, patients or employees, which can be costly and is a requirement in most states
- Offer credit monitoring services to data breach victims, which is also a requirement in many states, so they can find out if they’re compromised information has been used in a financial crime against them
- Hire a public relations firm to help rehabilitate its reputation.
Extra coverages that can be added to a small business data breach policy include:
- Business income and extra expense coverage which can help replace lost income if your business can’t operate because of a data breach
- Prior acts coverage, which covers claims related to a breach that occurred before your policy went into effect and you weren’t aware of it
- Extortion coverage, which helps cover the amount of ransom you have to pay to retrieve your business data if your company is the victim of a ransomware attack.
Cyber liability insurance coverage:
If a business is the victim of a cyberattack, cyber liability insurance can help cover:
- Legal services to help you meet required state and federal regulations
- Notification expenses to alert impacted customers, clients, patients and employees that their personal information was compromised
- Ransom paid to release locked files in a ransomware attack
- Lost income because of a computer network outage
- Costs of lawsuits by customers, patients or employees because their personal information was compromised
- Fines from state and federal agencies.
Personal Cyber Insurance: Coverage, Cost, and Best 3 Companies
Just like companies can be hacked and their data or systems held hostage for ransom, so can personal computer systems. If you work from home, or keep a lot of personal information on your home computers, you might benefit from purchasing personal cyber insurance.
This kind of insurance is still relatively new, so you won’t find many companies offering it as a dedicated service. Usually, it is sold as part of a home insurance policy. Personal cyber insurance covers a variety of financial costs associated with a cyber attack, such as:
- Loss of income
- Replacement of computers/devices
- Costs of temporary rental or hotel, in some cases
- Cyber extortion costs
- Financial loss from cyber attacks or identity theft
Personal cyber insurance and related insurance coverage can be very affordable. For instance, State Farm offers it for just $25 per year as an add-on to your home or renter’s insurance.
If you are interested in obtaining a personal cyber insurance policy, consider these companies:
- State Farm: Offers very affordable cyber insurance add-ons for homeowner’s insurance
- Chubb: Provides compensation for cyberbullying and cyber attacks
- Nationwide: Provides comprehensive cyber insurance coverage and software to protect your computer
Top 10 Recent Cyber Security Attacks
Texas Cyberattacks
In 2019, several small communities throughout Texas dealt with ongoing cyber attacks and demands for ransom. The attacks locked up important computer systems in police departments, town halls, and at utility providers. It’s not believed that any of the communities paid the ransoms, but thousands of dollars went into replacing software and systems that were compromised. One city, Borger, ended up paying IT overtime, bought $44,000 in new computers, and added an additional annual expense of $30,000 for remote backup for its data.
Capital One Data Breach
In March 2019, a single hacker was able to breach a configuration vulnerability in Capital One’s systems that gave her access to more than 100,000 Social Security numbers, 80,000 bank accounts, and other customer data. The hacker placed this information up on a public message board which resulted in the discovery of the breach. Ultimately no ransom was paid, but Capital One was ordered to pay out an $80 million civil penalty by the courts.
This came after an investigation into the breach by the Office of the Comptroller of Currency. The OCC released a report charging Capital One with a ‘failure to establish effective risk assessment processes.’
Canva Cyberattack
In 2019, a cyberattack to Canva resulted in the exposure of 137 million customers’ emails, locations, and logins. Users’ credit card information was also viewed, but the hackers couldn’t download it. Canva had to notify users of the attack and urged them to change their logins. However, some users didn’t change their account info. and Canva was later forced to invalidate their usernames anyway.
University of California at San Francisco Attacked by Ransomware Virus
In June 2020, the University of California was held hostage by a ransomware virus that attacked several of their systems for nearly a month. Administrators were able to isolate the virus so it didn’t spread to the core UCSF network. Initially, the hackers asked for a ransom of $3 million Bitcoin, but the university negotiated them down to $1,140,895 in Bitcoin for the removal of the malware from their systems.
Kia Motors Massive Ransomware Attack
In February 2021, Kia Motors was believed to have been held hostage by a massive ransomware attack that affected their internal sites, apps, payment systems, and more. Kia denied the attack occurred, but news of the attack was leaked online. A group called the DoppelPaymer ransomware gang supposedly held the company up for a cool $20 million for the decryption key and a promise not to leak any stolen data.
Colonial Pipeline Breached by Cyber Hackers
The April 2021 ransomware attack on Colonial Pipeline is still fresh in most people’s memories. A group called the Darkside Gang attacked the company’s billing system and internal business network so they couldn’t accurately charge for gasoline distributed to their customers. The company had to stop delivering gas in certain states which led to temporary shortages.
Eventually, Colonial Pipeline was forced to pay the hackers $4.4 million in Bitcoin to get control of their systems back. Later the government investigated the attack and confirmed that Colonial Pipeline’s cybersecurity wasn’t up to industry standards.
Brenntag Ransomware Attack
Later in May 2021, The Darkside Gang also targeted a chemical distribution company called Brenntag. They stole 150 GB of data and demanded a ransom of $7.5 million in Bitcoin. Brenntag negotiated with The Darkside Gang and eventually settled on a payment of $4.4 million in Bitcoin.
Acer Ransomware Attack
In May 2021, a cyberhacking group called REvil accessed the Microsoft Exchange server for computer manufacturer, Acer, and obtained sensitive data that they also leaked online. REvil demanded a whopping $50 million ransom to keep the rest of the data from being leaked. Acer refused to comment publicly as of July 2021 other than to say they were investigating the situation.
JBS Foods Ransomware Attack
REvil also attacked one of the largest meat processing companies in the US in May 2021 via ransomware. The company was forced to stop operations at several cattle slaughtering operations. JBS Foods ultimately paid out a hefty $11 million ransom to REvil to get control of their systems again.
Kaseya Ransomware Attack
In July, a software provider called Kaseya was also attacked by REvil, in a massive assault that affected hundreds of their clients. Their clients were hit by a virus during a regular software update from Kaseya. Unfortunately, this was a known vulnerability that the company was working to patch when it was breached by the ransomware. All of the companies’ clients had to shut down their servers to prevent further damage to their own systems.
Kaseya denied paying a ransom to REvil, stating that they instead obtained the decryption key for the virus through a trusted third party.
Frequently Asked Questions about Cyber Liability Insurance (or Cyber Security Insurance)
What does a cyber insurance policy cover?
Cyber insurance covers when your company has had a cyber-attack event, such as a data breach or a hack. These policies vary in what they can cover, but often they cover aspects like identity protection, financial loss, reputation management, notification costs, legal fees and many other costs related to a cyber-attack event.
What does cyber insurance cost?
Like all insurance types, prices could vary depending on business size and what types of insurance you can get. The quote we were able to retrieve from CoverWallet quoted us at $75 per month for a small accounting company through BCS. However, it’s challenging to get quotes online directly from companies because cyber security insurance is a specialized product that is sourced best directly from agents and reps.
Who offers cyber insurance?
You can find cyber insurance these days through almost any major business insurance carrier or agent. Because cyber-attacks are so common now, it’s a very popular product.
Why do I need cyber insurance?
Even if you do everything right, like update your anti-virus and encrypt your data, hackers are always finding ways around corporate security measures. Often, lawsuits can result when private information is compromised after a hack. It can also be expensive to recover data and clean up your reputation after a hack. Cyber liability insurance protects in these cases.
Final Thoughts
- Cyber insurance protects you from the legal and financial fall-out of a cyber-attack. For instance, if your business gets hacked and credit card numbers are leaked, cyber liability insurance products can help with legal fees, costs of notifying the public and some even cover identity theft protection. It can also help with repairing damaged electronics and even the costs of recovering the data that’s been compromised.
- Cyber insurance costs vary drastically, depending on the size of your business, the risks of your industry and how much coverage you want. For instance, a large e-commerce company that stores thousands of credit card numbers is going to need more coverage than a small accounting business with 10 clients. It’s important to comparison shop between different companies and cyber security insurance types.
- Some of the top companies that offer cyber insurance include CoverWallet, Zeguro, Chubb, Travelers, AIG and Nationwide. CoverWallet is a good source for finding and comparing data breach insurance quotes
- Personal cyber insurance is also available through companies like State Farm and Nationwide.
- Cybersecurity attacks are becoming more frequent and sophisticated as groups of hackers work together to hold companies up for ransom.