Choose from the nation's best insurance providers
Cyber insurance
Cyber insurance
Cyber insurance, also called cybersecurity insurance, protects small businesses from the high costs of a data breach or malicious software attack. It covers expenses such as customer notification, credit monitoring, legal fees, and fines.
What is cyber insurance and why is it important for small businesses?
Cyberattacks and data breaches are expensive and increasingly common. Small businesses often have weak cybersecurity and large vulnerabilities, which makes them an attractive target for cybercriminals.
A cyberattack isn’t just an inconvenience – it can put you out of business. The global average cost of a data breach in 2023 was $4.45 million, while nearly 43% of cyberattacks were against small businesses.
Cyber insurance coverage helps your business recover from financial losses caused by cyberattacks, data breaches, and other cyber events. It can pay for credit monitoring, attorney’s fees, fines, data recovery, and other costly expenses.
Businesses that purchase cyber insurance typically handle:
- Credit card or bank account information
- Medical information
- Social Security numbers or driver’s license numbers
- Customer names, email addresses, phone numbers, and addresses
- Cybersecurity for other businesses
What does cyber liability insurance cover?
Cybersecurity insurance covers your incident response costs associated with data breaches and cyberattacks, including the cost of recovering important data and hiring legal representation.
There are two types of cyber liability insurance coverage: first-party coverage and third-party coverage.
Most businesses need first-party cyber liability insurance to defend against their own cyber risks, especially if they handle personally identifiable information (PII) for customers.
Companies that are responsible for their clients’ cybersecurity would need third-party cyber liability insurance to provide legal protection from client lawsuits.
What is first-party cyber liability insurance?
First-party cyber liability insurance, sometimes called data breach insurance, covers costs related to a data breach or cyberattack that directly impacts your business.
You can often add this coverage to your general liability insurance. It’s recommended for businesses that collect personal information, such as customer credit card numbers or email addresses.
Specifically, first-party cyber liability insurance can help cover:
Data breach response costs
State laws typically require a response when a business is impacted by a data breach. Cyber insurance helps cover costs associated with hiring a digital forensic expert to investigate the breach, customer notifications, consumer credit and fraud monitoring services, as well as Payment Card Industry (PCI) compliance fines.
Business interruption expenses
When a cyber incident brings necessary systems offline or otherwise grinds business to a halt, cyber insurance can help cover business interruption expenses, such as the cost of hiring additional staff or renting equipment. This includes purchasing third-party services, such as hiring a public relations manager or crisis management team.
Ransomware payments
If a hacker encrypts private information about your company or its employees and holds it for ransom, cyber liability insurance will help with payments to meet cyber extortion demands.
What is third-party cyber insurance coverage?
Third-party cyber liability coverage helps pay for legal costs when a client sues your company for failing to prevent a data breach or cyberattack at their company. This insurance is recommended for technology businesses that make software recommendations to clients or are responsible for their network security.
Third-party coverage can be bundled with your errors and omissions policy into what is known as technology errors and omissions insurance, or tech E&O.
Specifically, third-party cyber insurance can help cover:
Legal defense costs
If a client sues your business for failing to prevent a data breach at their business, cyber liability insurance could help cover attorney’s fees and other legal costs for your defense in court.
Settlements
If your business faces a lawsuit from a client who experienced a data breach, you and the client could decide upon a settlement out of court that would amend the damages they experienced.
Court-ordered judgments
If a client accuses you of being responsible for a data breach at their business and sues your company, you may be legally obligated to pay for damages from any judgments in the lawsuit.
How much does cyber liability insurance cost?
Insureon customers pay an average premium of $145 per month for cyber insurance. The cost of cyber liability insurance is based on several factors including:
- Amount of sensitive data handled
- Your industry
- Coverage limits
- Number of employees
All of these factors will be instrumental in determining how much cyber liability insurance your small business needs.
How to protect your business from cyberattacks
Data breaches are expensive and can take a long time to resolve. On average, it can take around 241 days for resolution if a breach is discovered internally, or closer to 320 days if the breach is disclosed by a hacker, according to a study by IBM and the Ponemon Institute. The study found that only one-third of breaches were discovered by an organization’s own staff.
A cyber liability insurance policy can help pay for:
- Mandatory notification of affected parties
- Investigating and fixing security flaws
- Several years of credit monitoring services for affected customers
- Loss of business opportunities
Complete our easy online insurance application to get free cyber liability insurance quotes that meet the needs of your small business.
Who needs cyber insurance?
IT professionals
Cyber liability insurance for technology companies covers legal costs when a client blames you for failing to prevent a data breach or cyberattack at their business.
For example, if an IT consultant leaves data for a small healthcare company unsecured on Amazon Web Services, and a cyberattack exposes hundreds of Social Security numbers and email addresses belonging to the company’s customers, the healthcare company could blame the consultant and file a lawsuit.
The consultant’s cyber liability policy helps pay for legal defense costs and the eventual settlement.
Retailers
Cyber insurance helps retail businesses recover after a cyberattack exposes customer information. It’s recommended for any shop that handles credit card numbers or other sensitive information.
For example, an employee at your clothing store accidentally opens a social engineering email containing a malicious computer virus. The virus encrypts data crucial to your business’s operations and demands a ransom for its retrieval.
Your cybersecurity insurance reimburses you for the ransom and for the cost of hiring someone to look into the source of the attack.
Healthcare organizations
Healthcare organizations and medical service providers often have to abide by exceptionally strict privacy and security guidelines, such as HIPAA, to avoid regulatory fines and other legal consequences.
Cyber insurance for healthcare organizations can help cover legal costs and provide essential resources, such as notifying clients or patients that their data was exposed, credit monitoring services for affected clients, and PR campaigns to restore reputation.
For example, a ransomware attack on a doctor’s office could force them to lock their patient billing and scheduling software in order to investigate the breach and prevent further damage, affecting the office’s 100,000 patients.
Cyber liability insurance would cover business interruption expenses while the facility works to reboot and upgrade security on its system.
Financial service providers
Cyber insurance can cover legal fees and expenses for financial professionals, while also providing vital resources to help recovery if they experience a cyberattack or data breach.
For example, if a tax preparer asks a client to upload a document with sensitive data online and that client data is stolen or compromised, the affected client might decide to sue the tax preparer to recoup expenses.
Cyber liability insurance can shield your business from legal expenses related to a data breach by paying for court costs and attorney fees.
Real estate professionals
Cyber liability insurance for real estate professionals can help pay for recovery expenses while also providing resources to help aid customers affected by a data breach.
For example, a real estate agent loses a laptop containing sensitive client information. The data breach laws in their state require them to notify their customers, and they also run a PR campaign to help restore trust.
Cyber insurance provides coverage for notification costs, PR efforts, fraud monitoring services, and other related expenses.
Get business owner's policy quotes
Top professions that need cyber insurance
What does cyber liability insurance not cover?
While cyber insurance covers costs related to cyber threats, it does have a number of coverage exclusions. For example, it does not cover data loss caused by a power outage.
Other exclusions from cyber liability insurance coverage include:
Mistakes and oversights
Professional liability insurance, also called errors and omissions insurance, covers the costs of lawsuits over mistakes and oversights. This policy also covers legal costs related to professional negligence.
Data loss caused by accidental damage
While a cyber insurance policy covers data lost in a software attack, it does not insure data lost from accidental physical damage to a network or storage device.
Electronic data liability coverage expands the property damage coverage in a business owner’s policy (BOP) to include a loss of data caused by accidental damage to a customer’s computer, hard drive, or other data storage equipment.
Data loss from natural occurrences
If you experience data loss during a power surge, fire, or natural disaster exposure, you would need electronic data processing (EDP) insurance. You can typically bundle this coverage in a business owner’s policy. It provides protection for data loss in your electronic data processing equipment, such as computers and backup systems.
FAQs about cyber insurance
Get answers to common questions about cyber insurance.
How do cyberattacks happen?
Cyberattacks can happen when network security at a business is not up to date, or employees lack the training or knowledge to recognize phishing attempts, ransomware, and other cyber hacking red flags.
According to a recent report, 82% of ransomware attacks target small businesses. Ransomware gangs often attempt to extort companies that are lucrative enough to pay a hefty ransom, but also small enough to make hacking attempts easier, as well as keep media and law enforcement attention low during the fallout.
When a data breach or cyberattack occurs at a business, cyber liability insurance can help defray costs to the business and help a company survive the breach.
Learn more about protecting your business from ransomware attacks and other threats.
What are some examples of data breaches and cyberattacks?
Cybercrime is a multibillion-dollar industry. Security firms constantly struggle to stay ahead of hackers looking for lucrative victims. Even with careful security measures in place, catastrophic data breaches can, and do, occur.
For example, earlier this year MailChimp suffered a second data breach where a threat actor gained access to data attached to 133 accounts through a social engineering attack. This attack is just one of many that occurred in 2023 .
Phishing emails, malware, security breaches, network security issues, and computer system breakdowns are just a few examples of the kinds of cyber risks that could cause serious liability or losses.
This could impact a financial planning business that stores bank account information, or even a gaming app developer that collects user profile information.
Where can I learn more about cyber liability insurance?
If you want to learn more about this policy, you can find additional answers in our frequently asked questions about cyber insurance.
You can also contact an Insureon agent to discuss cyber liability and the types of business insurance you may need as part of your risk assessment and management plan. We can help you choose the right insurance products and discuss pricing, with quotes from top-rated insurance companies.
Cyber insurance cost
The cost of cyber liability insurance varies based on a number of factors about your business. Your premium is directly impacted by your policy limits, how much sensitive data your company handles, and more.
What is the average cost of cyber insurance?
Small businesses pay an average premium of $145 per month, or about $1,740 annually, for cyber insurance, also called cyber liability insurance or cybersecurity insurance.
Our figures are sourced from the median cost of policies purchased by Insureon customers from leading insurance companies. The median offers a better estimate of what your business is likely to pay because it excludes outlier high and low premiums.
Typical cybersecurity insurance costs for Swift Insurance customers
While Swift’s small business customers pay an average of $145 monthly for a cyber insurance policy, 38% pay less than $100 per month and 33% pay between $100 and $200 per month.
The cost varies for small businesses depending on their risks and the coverage they choose.
Understanding cyber liability insurance cost factors
As with other types of insurance, your provider calculates your cyber insurance premium based on a number of factors, including:
- Your policy limits and deductible
- Cyber threats in your industry
- Type of cyber insurance purchased
- Amount of sensitive information handled
- Number of employees
- History of insurance claims
How do policy limits and deductibles affect cyber insurance costs?
Businesses that face higher risks may choose to pay more for higher policy limits. Overall, the amount of cyber liability coverage your business needs depends on your industry, your type of business, and the type of customer data you handle.
Cyber liability insurance policies have two limits, which typically range from $1 million to $5 million:
- Per-occurrence limit. While the policy is active, the insurer will pay up to this amount to cover any single incident.
- Aggregate limit. During the lifetime of the policy (usually one year), this is the maximum the insurer will pay to cover claims.
The average deductible for a cyber liability policy is $2,500 for Insureon customers. A higher deductible results in a lower premium, but make sure it’s an amount you can easily afford. If you can’t pay for it in a crisis, your insurance won’t activate to cover your claim.
How does your industry impact the cost of cyber liability insurance?
Your industry will undoubtedly impact the cost you can expect to pay for cyber liability insurance. Industries with higher risk typically result in higher premiums.
Cybersecurity companies, network security companies, IT consultants, and other businesses responsible for their clients’ cybersecurity can expect to pay more for cyber insurance coverage. This is because the potential for financial losses and reputational damage resulting from cyber errors is much higher.
Non-tech industries should carry cyber insurance as well, especially if they use POS systems, keep electronic client records, or do digital transactions. Even if they aren’t managing major tech projects, employees can still fall victim to costly social engineering and phishing attempts, which can compromise client data.
Cyber insurance is just one policy that small businesses must consider. Depending on the industry that you work in, such as construction or cannabis, you may be required by your state to carry other types of insurance, most often general liability insurance.
How the different types of cyber insurance impact cost
Different types of cyber insurance can impact the amount you’ll pay for coverage.
Most businesses only need first-party cyber liability insurance, also called data breach insurance, to defend against cyber risks at their own business. The cost depends on how much customer information they handle, such as credit card numbers or Social Security numbers.
Tech companies and consultants usually need third-party cyber coverage, which pays for legal costs if a client blames their business for failing to prevent a cyber incident. They can often combine this policy with professional liability insurance in a policy bundle called technology errors and omissions insurance, or tech E&O.
Top industries we insure
Cyber liability coverage provides affordable, necessary protection for your small business
Many small businesses forgo insurance because they assume they’re at low risk for cybercrime. However, cybercriminals often target small businesses as they have fewer resources to protect themselves.
Here’s how these costs can escalate at a small business:
- A hacker brings down the software that a company relies on for customer transactions. The company misses three business days of work while the software is unavailable. Cyber liability insurance can pay for the business interruption caused by the outage.
- A cybersecurity consultant is sued for failing to prevent a ransomware attack on a client. The consultant has to pay the cyber extortion demand required to recover the client’s data, on top of legal defense costs.
- A data breach exposes the personal information of hundreds of customers at a small retail shop. The retailer has to pay for a credit monitoring service for all those customers for several years, as well as any costs associated with the state-required notification for each customer. They may also have to invest in a public relations campaign to help fix their reputation.
As you can see, cyber insurance is an important part of risk management for any business that handles sensitive information.
How can you save money on cyber liability insurance?
Cyber liability insurance costs vary based on several factors. In addition to choosing lower coverage limits, these tips can help keep costs down:
Bundle your insurance policies
Businesses can often save money by bundling policies purchased from the same insurance provider.
For example, tech companies often choose to buy technology errors and omissions insurance, also called tech E&O. This policy bundles errors and omissions insurance with cyber liability insurance to protect against lawsuits related to mistakes, including failure to prevent a data breach on a client’s system.
Pay the annual premium upfront
You can usually choose to pay your cyber liability insurance premium in monthly or annual installments. While it’s tempting to go with monthly payments because they require less cash upfront, many insurance companies offer businesses a discount for paying the entire annual premium at once.
Manage your cyber liability risks
If your small business has no cyber liability claims history, you could save money on your premium. You can also save money by implementing security measures at your business. For example, you might:
- Routinely change your business’s account passwords
- Invest in secure equipment and software
- Teach employees to recognize and avoid malware and phishing attempts
- Implement multi-factor authentication for employees
Why do small businesses choose Swift?
Once you find the right policies for your small business, you can begin coverage in less than 24 hours and get a certificate of insurance for your small business.
Frequently asked questions about cyber insurance
Cyber liability insurance offers financial protection to small businesses in case of data breaches and cyberattacks. Find out what cyber liability covers, how to obtain this coverage, and the answers to other frequently asked questions.
Cyber insurance coverage and requirements
What does cyber liability insurance cover?
Cyber insurance, also known as cyber security insurance, helps small business owners deal with the expensive costs of data breaches and malicious hacking.
It helps you cover the costs of credit monitoring, legal fees, and fines, as well as notifying your customers, which is typically mandated by each state’s data breach notification laws.
How do first-party and third-party cyber liability insurance differ?
First-party cyber liability insurance, also known as data breach insurance, covers the direct costs of a data breach or cyberattack.
This may include cyber ransom payments, business interruption costs, and breach response costs such as customer notification, credit monitoring services, and Payment Card Industry fines. This coverage is often used by companies that handle financial data, such as credit card information.
In addition, first-party cyber liability insurance sometimes includes media liability, which protects against software copyright infringements. This often needs to be added as an additional coverage.
Third-party cyber coverage insures your business against the cost of a lawsuit, if a customer sues your company for failing to prevent a data breach or cyberattack at their business. It can help cover your legal fees, settlement costs, and court-ordered judgments.
This coverage is often used by technology businesses that help clients maintain their computer systems and are responsible for network security.
Third-party cyber liability coverage can be combined with an errors and omissions policy into what is known as technology errors and omissions insurance, or tech E&O.
Does cyber liability insurance cover frivolous lawsuits?
It does, and that’s one of the reasons so many businesses buy this coverage. If a customer sues you over data loss or a cyberattack, your cyber liability insurance will cover you even if you’re not at fault.
When do I need cyber liability insurance?
You need cyber liability insurance before an incident happens. Cyber liability coverage is typically issued as a claims-made policy, which means a claim is only covered if the incident and lawsuit occur while the policy is active.
How to buy cyber insurance with Swift Insurance
How quickly can I get cyber liability insurance with Swift?
Our easy online application takes just a few minutes to complete. You can compare insurance quotes from top-rated U.S. carriers. If you need help with your decision, you can speak with one of our Swift agents about your business insurance needs.
Once you find the policy you need, you can begin coverage in less than 24 hours. We can email you a certificate of insurance, which is the proof-of-insurance you need to show when you sign certain contracts or apply for professional licenses.
How much does cyber liability insurance cost?
Your cost of cyber liability insurance depends on several factors, such as your policy limits, how much sensitive data your company handles, any claims you’ve had in the past, and your exposure to potential data breaches and cyberattacks.
Among Insureon’s small business customers, the median cost of cyber liability insurance is $140 per month (or $1,675 per year). The median excludes high and low outliers, so it provides a better estimate of what your small business is likely to pay than the average cost.
Over a quarter of small business owners (27%) pay less than $1,000 per year for cyber liability insurance, and another 36% pay between $1,000 and $2,000 per year. These figures are sourced from an analysis of policies issued to Insureon customers.
What industries most often purchase cyber liability insurance?
Businesses that handle or protect large amounts of data will buy cyber liability coverage, especially if this data is Personally Identifiable Information (PII) such as credit card information, Social Security numbers, and medical records.
This includes:
- Auto services and dealers
- Building design professionals
- Consultants
- Finance and accounting professionals
- Food and beverage businesses
- Healthcare facilities
- Healthcare professionals
- Information technology businesses
- Installation professionals
- Insurance professionals
- Landscaping professionals
- Manufacturing businesses
- Media and advertising companies
- Personal care businesses
- Pet care businesses
- Printer and copier businesses
- Professional service professionals
- Real estate professionals
- Retail businesses
- Sports and fitness businesses
- Therapists and counselors
- Wholesale and distribution businesses
Business owner’s policy changes and claims
What happens if I need to buy more insurance later?
It’s easy to add insurance at a later date. Your insurance agent can adjust the coverage amount on an existing policy, and also provide assistance if you need to purchase additional policies.
What happens if I cancel my policy?
If you cancel your policy early, you run the risk of paying more the next time you purchase coverage. Insurance companies typically charge higher rates to businesses that canceled a previous policy. You also leave your business exposed to potential risk if you cancel your coverage.
How do I make a general liability or property insurance claim on my BOP?
To make a general liability claim or a property insurance claim, simply call your insurance provider. Your agent will ask you to provide a description of the incident and basic information such as your name, the business name, and your policy number. Your insurance agent can guide you through the process and provide answers to any additional questions.
Cyber liability insurance policy changes and claims
How do I make a cyber liability claim?
Filing a cyber liability claim is easy, just contact your insurance provider directly. They will ask you for a description of the incident, information about your business, and your policy number. The agent will talk you through the filing process and answer your questions.
What happens if I need to buy more insurance later?
Your Insureon agent can guide you through all your policy options, increase your level of coverage, and tell you what kind of impact this will have on your premiums.
What happens if I cancel my policy?
Canceling a policy before its expiration date means you’ll likely have to pay more for the same coverage in the future, as insurance companies typically charge higher premiums to businesses that cancel their coverage.
It could also leave you unprotected in case of a lawsuit. Cyber liability coverage is usually a claims-made policy, meaning it only covers claims for incidents that happen and lawsuits that are filed while a policy is active.
Compare cyber insurance with other policies
What's the difference between technology E&O and cyber liability insurance?
Cyber liability insures against the costs of dealing with a cyberattack or data breach at your business. This is known as first-party liability insurance because it directly impacts your business. It can often be added to your general liability insurance, a business owner’s policy, or a tech E&O policy.
Technology E&O combines cyber liability and errors and omissions insurance. This coverage is for third-party liabilities, such as when a customer accuses you of negligence that led to a data breach on their own system.
What is the difference between cyber liability and electronic data liability coverage?
Electronic data liability insures you against data loss when there’s physical damage to or loss of your tangible property, such as a computer or hard drive.
Cyber liability insurance covers you in case of cyberattacks and data breaches, where the damage is digital rather than physical.