Insurance is a cornerstone of risk management strategies, which is why we have insurance for our homes, cars, and costly incidents like fires and floods. But in this digital age where our lives and businesses are intricately intertwined with technology, we also need cyber insurance.
Cyber insurance provides a safety net for when we or our business becomes a victim of a cyberattack such as hacking or a data breach. Like other types of insurance, cyber insurance protects us from potentially huge financial dents. But how much does cyber insurance itself cost, and is it worth it?
In this guide, we’ll get into what you can expect to pay for cyber insurance, what it covers, and how you can keep your costs down based on our experience buying and using cyber insurance ourselves.
How Much Does Cyber Insurance Cost?
You know how insurance companies work. When it comes to cost, there’s never really a straightforward answer. It always depends on a huge number of factors. In the case of cyber insurance, the main determining factor is whether you’re getting insurance for yourself or your business.
Personal Insurance Policies
Typically, individuals buy cyber insurance as add-ons to their homeowners insurance policies. Of course, every policy is different and prices can vary considerably based on factors like geographic location, customer service, purchaser history, and coverage exemptions. Some insurers charge as little as $10 a month for $25,000 worth of coverage. In general, though, you can expect to pay $25 to $100 per month for cyber insurance, depending on how much coverage you want and which deductible you choose.1
We took the pulse of the masses and surveyed a random group of people to see how much they think the yearly premium would be to purchase a personal cyber insurance policy. We asked them how much they think it costs for a policy with up to $25,000 coverage, and this was the result:
How much do you think the yearly premium would be to purchase a personal cyber insurance policy with $25,000 coverage? | Overall |
---|---|
Less than $50 | 19% |
$50 – $99 | 25% |
$100 – $149 | 40% |
$150 – $199 | 10% |
More than $200 | 7% |
The majority of respondents (57 percent) believed that a $25,000 cyber insurance policy would cost at least $100 per year. Most of them (40 percent) thought the yearly premiums would be between $100 and $150. The perception that cyber insurance is expensive explains why, for 34 percent of non-users we surveyed, the cost of cyber insurance is the biggest deterrent. But as you’ll see below, a single cyberattack on an individual can be several times more expensive than the yearly premium of cyber insurance.
Business Insurance Policies
Let’s move on to business cyber insurance, which is even more complex than personal cyber insurance. Many factors can influence the price, including:
- Type of industry
- Type of business
- Size of the company
- Amount of sensitive information the company maintains
- Annual revenue
- Strength of security measures
- Coverage level
- Deductible
- Claims history
In our research, however, we’ve established a ballpark figure of about $500 to $5,000 per year. The price varies by state. For example, while the average annual premium of a business plan in Georgia was just over $1,450 in 2020, the average cost in New York was $1,616.
FYI: The average cost of business cyber insurance in 2020 was highest in the state of Arkansas, where an annual policy cost on average $1,646.50.
How to Keep Cyber Insurance Costs Down
Whether you’re applying for personal or business cyber insurance, the reality is that it’s going to cost you. Of course, there are ways you can keep the annual premiums down. Here are a few examples.
Personal Policies
There aren’t many options for lowering personal cyber insurance premiums. However, some companies offer discounts if you:
- Pay your premiums upfront
- Limit your cyber risks by using antivirus software, VPNs, and strong, secure passwords
Business Policies
Normally, insurers don’t advertise business discounts, but most companies will tailor a policy to your particular needs. If that’s the case, you might cut costs by using some best practices to limit your risk.
- Employee training: Ensure that all of your employees understand the cyber risks your business faces and are well trained in minimizing those risks.
- Penetration testing: Hire a tech company that specializes in penetration testing to check your system for vulnerabilities.
- Strict password policies: Follow best practices for passwords, using 12 or more characters and a combination of numbers, letters, and special characters. Consider implementing two- or multi-factor authentication for your online accounts as well.
- Personal data encryption: Encrypt all sensitive data. Make sure the encryption key is safe, and limit who has access to it.
- Limited records: Limit the number of records you deal with. If you don’t need access to some records, store them securely so they can’t be compromised.2
What Is Cyber Insurance?
Cyber insurance is a contract between you and an insurer that says the insurer will pay you for any losses you incur related to your computers or network. Cyber insurance covers many types of cyber incidents, from computer damages to data breaches. In fact, the easiest way to explain cyber insurance is to talk about just what kinds of events it covers.
Personal Policies
Different personal and family policies cover different kinds of cyber dangers, but most offer protection from these incidents:
- Attacks on equipment: Even if you’ve installed the best antivirus software on your devices, malware can still find ways to infect them. Cyber insurance helps you pay for equipment repairs or replacements.
- Cyberbullying losses: Cyberbullying statistics are troubling these days. In fact, 44 percent of U.S. parents report that their children have been harassed online at some point. Cyberbullying during the COVID-19 pandemic became even worse. In July of 2020, five months into the pandemic, we conducted our own study of 500 parents of children ages 10 to 18. Of the parents whose children had been bullied, 56 percent said the bullying had occurred within the last six months, as the pandemic had become widespread. Cyber insurance can cover legal costs, private tutoring, or even relocation expenses you incur as a result of cyberbullying.
- Extortion: Cyber extortion has become one of the most popular forms of cyberattack. Ransomware on your laptop locks down documents and programs, demanding that you pay to regain access. Other attacks gather embarrassing information about you for blackmail purposes. Most cyber insurance covers both types of extortion.
- Identity theft: Thieves want your personally identifiable information, or PII. Once they’ve committed identity theft, they’ll try to make money from it, either by using the information themselves or by selling it on the dark web. A good identity theft protection service can prevent this problem. Additionally, many identity theft protection services now offer some form of insurance to pay for losses or expenses you accrue because of identity theft. It can pay for fraud specialists, identity monitoring, and legal fees.3 However, identity theft protection services don’t cover things like cyberbullying or ransomware reimbursement. To be completely covered, you need both services — identity theft protection and cyber insurance.
Business Policies
Cyber insurance is more complicated for businesses. In the simplest terms, business cyber insurance covers a company’s liability in cases of data breaches of sensitive customer information such as:
- Social Security numbers
- Credit card numbers
- Account numbers
- Driver’s license numbers
- Health records
However, there are two distinct types of cyber insurance for businesses: cyber liability insurance and data breach insurance. Some insurers offer these two types of insurance in combination. Others, such as The Hartford, offer them as separate policies. But what’s the difference between the two?
- Cyber liability insurance: Typically, cyber liability insurance works well for small businesses that store minimal customer data. If the company should lose any customer PII, this policy will pay for expenses like:
  - Hiring a PR firm
  - Notifying customers, patients, and/or employees of the breach
  - Providing credit monitoring and identity restoration to breach victims

  Businesses can also customize the policies to add services such as:
  - Income replacement
  - Prior act coverage, which protects a company from breaches that may have occurred before the policy started but haven’t yet been detected
  - Extortion payments
- Cyber breach insurance: Larger companies may need cyber breach insurance, which provides a broader range of coverage in the case of data breaches. For instance, in addition to the costs liability insurance covers, cyber breach insurance pays for:
  - Customer lawsuits relating to breaches
  - State and federal fines
  - Legal insurance to meet state and federal regulations
THE MORE YOU KNOW: Breach insurance is a special type of cyber insurance available to businesses. It protects businesses in case hackers manage to access their customer records.
Why Buy Cyber Insurance?
There are two basic reasons why you need to get a cyber insurance policy. First, cybercrime has become a common problem, and it’s becoming worse every year. Second, cybercrime is expensive, and a policy costs less than what you’re likely to pay if you become a victim.
Personal Policies
Just how widespread is cybercrime these days? In 2020, the FBI’s Internet Crime Complaint Center received a record 791,790 complaints. That’s a 70 percent increase over 2019. The unfortunate truth is that if you use the internet, you’re vulnerable to cybercrime.
But cybercrime isn’t just widespread; it’s also costly. In total, those 791,790 complaints racked up $4.2 billion in losses to individuals and families. That works out to over $5,300 per attack.4 Cyber insurance ensures you won’t have to pay for those damages yourself.
Business Policies
Every business can benefit from a cyber insurance policy. As with personal policies, the benefits are pretty straightforward. To start with, 58 percent of companies worldwide claim to have experienced a security breach at some point.5 That means the odds are high that your company will suffer a breach eventually as well.
What kind of financial burden will you face if you suffer such a breach? The average cost of a data breach in the U.S. in 2020 was $8.64 million.6 In short, you need cyber insurance because the risk that your company will suffer an attack is high, and the costs are high as well. Having cyber insurance means you won’t be paying those costs by yourself.
Purchasing Cyber Insurance
Not all cyber insurance is created equal. When it comes time to buy a policy, you need to ask the right questions of your agency, such as what kinds of events its policies cover.
Personal Policies
Before you invest in insurance, you should consider these questions carefully:
- How much coverage do you need? The biggest concern when you’re deciding how much coverage you need is what kind of risks you face. At most, what do you and your family stand to lose from a cyberattack? Since the average cost of a personal cyberattack is $5,300, $15,000 worth of coverage is plenty for most homeowners. Of course, that maximum can vary by individual situation. If your financial risk is high, you may need to consider a specialty policy from a company that handles high-value insurance, such as Chubb, AIG, or PURE.
- What events does the policy cover? Different companies and policies cover different cyber events. At a minimum, your policy should cover:
  - Ransomware attacks
  - Viruses and malware
  - Identity theft
  - Cyberbullying
- What will the policy pay for? Just because a policy covers a specific event, such as identity theft, doesn’t mean it will pay for all the expenses you might incur. Pay close attention to what your policy pays for, and make sure the list includes:
  - Extortion payments
  - Equipment replacement
  - Software replacement
  - Lost wages
  - Identity theft restoration services
  - Legal fees
- How is the company’s customer service? Too often, customers think only about price and ignore customer service. The cheapest policy in the world, though, won’t be much use if you can’t get your insurance agent on the phone when you’ve suffered a cyberattack. You can start by visiting the Better Business Bureau’s website to read about the company’s reputation. Credit rating agencies such as Moody’s, S&P Global Ratings, and J.D. Power rate insurance companies as well. Find out how each company communicates with customers. Can you contact it 24 hours a day? Does it offer live online help? In general, make sure you can get the help you need when and how you want it.
- What will it cost? Finally, you should compare the price of plans across companies. As a general guideline, you should be able to purchase $25,000 worth of coverage for $25 to $50 per month, depending on the size of your deductible.
Business Policies
With business cyber insurance, you’ll need to zoom in on the specific types of coverage the policy offers.
- What are your specific risks? Calculating risk for a business policy is different from calculating risk for a personal policy. You must consider such factors as how many customer records you keep, what kind of data those records contain, how many employees have access to those records, and what security mechanisms you have in place. Often, the insurer helps you to determine these numbers, but you might hire an outside company to make sure you’re getting precisely what you need.
- Can you get retroactive coverage? Data breaches often go undetected for some time. That means a data breach may happen before your policy starts, but that breach might not cause damage until after the coverage goes into effect. Will your insurance pay for that breach, or not? Look for companies that will pay for it or at least allow you to purchase add-on coverage that will pay for it.
- Do you need regulatory coverage? Data breaches, in particular, can result in fines for your business. Ask your insurer whether your coverage pays regulatory fines.
- Does your policy cover equipment? Cyber breach policies cover data breaches, but they often don’t cover damaged equipment. Coverage for damaged equipment may require a separate policy.7
Trends in Cyber Insurance
Cyber insurance has been around for less than 30 years, so it’s an industry that’s still evolving, just as cyber risks evolve over time. Here are a few trends in cyber insurance that predict where the industry is heading:
- Rising prices: In a recent survey of insurance brokers, more than half of clients reported that their prices rose by 10 to 30 percent in 2020.
- Lower coverage limits in some business sectors: The growing number of cyberattacks has led insurers to set coverage limits for some business sectors that face greater cyber risks. These sectors include education, which deals with the data of minors, and healthcare, an industry that collects protected health information, or PHI.
- Cyber-specific policies: More insurers are offering both personal and business cyber insurance as stand-alone policies rather than as part of more comprehensive insurance policies.
- Increasing popularity of cyber insurance: Insurers report a higher percentage of their clients are now investing in cyber insurance. Where 26 percent of people requested cyber insurance in 2016, 47 percent requested it in 2020.8
The Most Common Cyber Insurance Claims
Cyber insurance covers various types of claims, but a few show up more often than others.
- Data breaches: A data breach is when a hacker gains access to customers’ PII. Data breaches are the most common business cyber insurance claim, and they have the largest total losses. According to a report by the insurer Willis Towers Watson, for instance, 73 percent of its clients’ claims between 2013 and 2019 involved breach/incident response and crisis management.
- Cloud hacks: Hackers use phishing attacks to gain access to individual cloud accounts. Once they’re in, they use the cloud infrastructure to jump from one customer account to another.
- E-commerce shutdowns: Hackers aren’t just about money. Hacktivists are more interested in shutting down your business. If they can hack into a website, they can shut you down completely.
- Account takeovers: The largest number of personal cyber insurance claims each year involve account takeovers. In these cyberattacks, thieves try to take over your bank accounts or credit card accounts and make fraudulent transactions. Find out more in our guide to protecting yourself from account takeovers.
- Phishing: The number of phishing scams rises each year, and the attacks are becoming more sophisticated. According to FBI statistics, for instance, phishing attacks more than doubled between 2019 and 2020.
- Malware: To prevent malware attacks, buy the best antivirus for your business or the best antivirus software for personal use. Antivirus software should protect you from most of these cyberthreats:
  - Ransomware
  - Spyware
  - Trojan viruses
  - Computer worms
  - Adware

  There were 5.6 billion malware attacks in 2020, and no antivirus can stop all hacks. When those threats get through, cyber insurance pays to repair and replace your equipment and software. It will often pay ransoms as well.
Recap
Cyber insurance is a growing industry, and with good reason. There are more cyberthreats out there than ever before. For instance, the FBI reported a 300 percent rise in cybercrime during 2020.
We recommend that you buy cyber insurance whether you’re looking to protect your home or your business. However, consider the costs and the ways you can save money on your protection before you buy a policy.
FAQs
Cyber insurance is a complex topic, and we know you have lots of questions. We’ve taken the time to answer the ones we hear most frequently.
What is the average cost of cyber insurance?
The average annual premium for personal cyber insurance is between $300 and $1,200, depending on the level of coverage and the specific deductible you choose. The average cost of cyber insurance for a business is between $500 and $5,000 per year.
Is cyber insurance worth the cost?
Cyber insurance is worth the cost. The number of cyberattacks in the U.S. rose by 70 percent in 2020. Meanwhile, the average cost of a cyberattack on a personal network was $5,300. With policies as low as $300 a year for $25,000 worth of coverage, it would be over 17 years before a customer paid more in insurance than they would likely save in the event of an attack.
The cyber risks for businesses are even greater. In fact, 58 percent of businesses worldwide report they’ve been attacked at some point, and the average cost of a single data breach in the U.S. is $8.64 million. On average, a cyber insurance policy with a coverage limit of $1 million costs $1,500 in annual premiums. That price is within reach for even small businesses, and the risks are simply too great not to have cyber insurance.
Who offers cyber insurance?
Many companies offer cyber insurance, including:
- Acuity
- Agency Height
- AIG
- Alleghany Corporation Group
- Allianz
- American International Group
- AmTrust Financial
- Arbella
- Argo
- Aspen Insurance Group
- AXA
- AXIS Capital
- BCS
- Beazley
- Berkshire
- BlackFire Cyber Insurance
- Burns & Wilcox
- Central Insurance
- Chubb
- CNA
- Corvus
- CoverageSmith
- CoverWallet
- Cowbell Cyber
- CyberPolicy
- Embroker
- Fairfax
- Gannon Associates
- Hackinsure
- Hanover Insurance
- Hathaway
- Hiscox
- HSB
- Liberty Mutual
- Markel Corporation Group
- Nationwide
- Plymouth Rock
- PURE
- Resilience
- Safety
- Selective
- Sompo
- State Farm
- The Cincinnati Insurance Companies
- The Hartford
- The Doctors Company
- Tokio Marine
- Travelers
- Berkley Insurance Group
- Catlin
- Reinsurance America Group
- Zurich
Who needs cyber insurance?
Anyone who uses the internet needs cyber insurance. If you access the internet, you are vulnerable to a variety of cyberattacks, from simple viruses to identity theft to ransom demands. Any business that collects and stores sensitive customer information is especially vulnerable to attacks.