How important is Cyber Insurance?

Contrary to popular perception, small businesses are not too small to be targets of cyber-attacks. Most criminals are looking for the path of least resistance, not the “big score”, and that path typically takes the form of small businesses who don’t believe they are targets and aren’t properly prepared. According to the National Cyber Security Alliance, 60% of small and mid-sized businesses that experience a data breach go out of business within six months.

The Reality of a Data Breach

According to research from IBM’s 2019 “Cost of a Data Breach” report, US based firms face an average cost of $8.19 million per cyber-attack. The average response time to contain a breach is 279 days, but those able to shorten their response window to under 200 days saved an average of $1 million—this is especially important as small business typically take longer to detect a breach, which can result in significantly higher fines.

In 2017, the average cost of a stolen record was $148, and in 2018 that average increased to $160. With rising fines, that cost has been calculated at $242 per stolen record in 2019 and that average is expected to rise year over year. Additionally, for businesses that experience a breach, there is now a 30% chance of experiencing another attack in the next 24 months.

The costs of a data breach will span multiple years. Only about half the costs are seen in the first year. About a third of the costs come in the second year in the form of re-architecting, security monitoring, and additional remediation. Other unaccounted for costs include paying lawyers to ensure the business is in compliance with all breach laws in their jurisdiction, continued monitoring, forensic analysis, etc. The time required to implement the proper protection protocols after a breach can take up to five years.

What is Data Breach Insurance?

Data breach insurance helps to protect business owners against the costs associated with having personal data compromised. This insurance is for more than just cyber-attacks, it also protects against internal failure, human error, and corporate espionage. Coverage includes money for:

  • Legal Consultants
  • Forensic Services
  • Consumer notification
  • Credit monitoring
  • Fines and Penalties
  • Lawsuit Defense and Settlement

Generally speaking, this type of insurance covers the expenses a business has to pay when consumer information is compromised or lost. There are multiple options for small business owners to acquire data breach coverage or cyber liability insurance, usually as a rider on a general liability policy.

Click + for Coverage Details

Not all data breach policies include coverage for cyber liability, meaning that a digital hack may not be covered so a combination of data breach and cyber liability coverage may be required to fully protect against lawsuits, fines, and public relations issues.

The coverage is typically composed of two parts to tailor the coverage for small businesses.

The first part is the Response Expense Limit—this is the total amount paid by the insurer once a data breach is discovered. This would cover things like forensic services, customer notification, and mitigation steps to prevent further damage. For small businesses, the average payout cap has a range of $10,000 to $500,000 based on the selected coverage. The second part is the Defense Expense Limit—this is the amount the insurer pays after for after-attack damages. This will pay for the cost of litigation, regulatory defense, and fines. The payout cap has a range of $50,000 to $500,000.

In selecting a coverage plan, small business owners should take into account the total number and type of customer records they maintain, as well as the potential fines based on type of business, regulatory standards, and area.

Data Breach Insurance Costs

While this will vary slightly based on location, type of business, etc, a rider for specifically for a data breach could be added to an existing commercial general liability policy for about $100 in addition to the premium. A more comprehensive policy that includes cyber liability is typically $1,000 to $3,000 annually.

For 2019, the chart below offers a general idea of costs.

Policy TypeLiability Coverage AmountsTypical Starting Annual Premium
General Liability Insurance Data Breach Rider$1 million for general liability $100,000 for the rider$400 + $100
Business Owner’s Policy Data Breach Rider$1 million for the BOP $100,000 for the rider$500 + $100
Cyber Liability Insurance$1 millionCell_Content

The Insurance carrier will conduct an underwriting assessment for business operation, claims history, and overall risk before finalizing premium costs.

Top Data Breach Insurance Providers

The following providers are highly ranked for small business data breach and cyber liability insurance.

The Hartford
A national insurance provider offering small business insurance policies for a wide range of risks including both data breach insurance riders and specialized cyber liability insurance policies with 24/7 access to a data breach response site to mitigate existing threats quickly. This is a good choice for small business owners in a wide range of industries who want data breach and cyber liability insurance added to a business owner’s policy (BOP), offering both a data breach and a cyber liability endorsement with up to $500,000 in first-party coverage and $1 million in third-party coverage.

For more information please click here: The Hartford

A small business insurance specialist who understand the risks micro-businesses and solopreneurs face and have developed products that meet the budget demands of these businesses. This is a good choice for businesses with large databases and proprietary information maintained on their servers, offering an electronic data loss insurance program that covers both data breach and loss of vital information. This policy helps with third-party and first-party claims, including business interruption coverage if company operations are halted.

For more information please click here: Hiscox

An online insurance broker who partners with major national insurance carriers such as Berkshire Hathaway, Employers, and Liberty Mutual to find a policy. This is a good choice for business owners unsure about their exact insurance needs regarding data breach and cyber liability insurance since they have many carriers reviewing every insurance application to assess coverage requirements.

For more information please click here: CoverWallet

One of the largest insurance carriers in the world, offering specialty insurance lines such as equipment breakdown and cyber coverage and endorsements to their business owner’s policy. This is a good choice for businesses that want to improve their internal systems to protect data and consumer information.

For more information please click here: Travelers

A major national insurer offering a wide array of coverage for business owners with mandatory data security requirements, such as financial services, insurance, accounting, medical, and legal industries where intake forms and client files must be protected. This is a good choice for any business that stores and maintains PII, offering a NetProtect policy that specifically covers both the cyber risks and the in-house paper risks of database and file management.

For more information please click here: CNA