How Much Does Cyber Insurance Cost?
The Internet has irreversibly changed the way businesses operate and has brought services and commerce into a new paradigm that’s full of both opportunity and uncertainty. In most cases, a business needs some type of online presence to be successful today. Businesses need to be able to sell their products and services, market themselves, and communicate with customers online.
It should then be no surprise that the number of cyberattacks targeting businesses of all sizes is steadily increasing each year. This is important because cyberattacks can be devastating to your business, both financially and in terms of reputation.
And while there are best practices that can be implemented in order to protect your business against cyberattacks, there is no foolproof solution for avoiding them completely. The next best way to protect your business from cybercrime is by purchasing business insurance policies in order to transfer some of the risk associated with cyberattacks to a third party, namely, an insurance company.
The policy that was specifically designed by insurers to protect businesses from these types of risks is called cyber liability insurance.
Who Needs Cyber Liability Insurance?
In today’s business climate, it’s hard to find a business that doesn’t need cyber liability insurance. If you run a business that stores sensitive client, customer, and partner data, you need it. If your business supports electronic transactions, you definitely need it.
One of the greatest myths related to cybersecurity is that cybercriminals only target large corporations because that’s where they can steal the most money and do the most damage. That really couldn’t be farther from the truth.
The rate of attacks on small businesses is constantly increasing and this trend is expected to continue in 2020 and beyond. In fact, the COVID-19 pandemic is adding fuel to the fire. With more businesses asking their employees to work from home and many brick-and-mortar businesses starting to offer online services, social engineering attacks and data breach attempts will almost certainly be on the rise for businesses of all sizes and industries.
So in a majority of cases, the answer is “yes,” your business probably has a realistic need for cyber insurance. But what type and how much cyber insurance do you need?
First-Party vs. Third-Party Cyber Insurance
The type of cyber liability insurance your business purchases should always be based on the needs of your company and which entities need protection. When it comes to cyberattacks, the business that is being attacked is not the only party that can potentially suffer losses. That’s why two types of cyber insurance policies exist: first-party and third-party.
First-party cyber liability insurance protects your company. It will cover all of the costs related to a cyberattack, including but not limited to the following:
- Forensic analysis for identifying the attack source
- Public relations services
- Notification of clients
- Credit monitoring services
- Loss of income
Any business that deals with electronic data should have first-party coverage to cover the many expenses that can arise from a cybercriminal hacking into their network and compromising the company’s data and the data of its clients, partners, and customers.
Third-party cyber liability insurance is tailored towards providing protection for businesses that offer professional services to other businesses that can be compromised by cyberthreats.
This coverage can be compared to professional liability insurance, in the sense that third-party cyber liability insurance can provide protection if you are being sued by another company for errors that you have made which have led to losses or damages to that company.
For example, if your law firm’s data security is compromised, and your law firm is accused of failing to prevent the data breach, third-party cyber liability insurance can pay legal fees, government penalties and fines, and settlements and judgments related to such claims.
Common Types of Cyber Liability Claims
Generally speaking, cyber insurance claims are most often filed as a result of attacks that fall into one of three categories: hacking, social engineering, and malware attacks.
Hacking is probably the most common type of cyberattack that leads to insurance claims. If your system or network has been compromised by a hacker, your company could be liable for a variety of expenses related to the attack. As mentioned earlier, legal costs to defend your company against third-party lawsuits, the costs of notifying affected parties, public relations costs, and regulatory fines are all possible and would all be covered by your cyber policy.
Phishing or social engineering attacks rely on someone within your company for help in “opening the door” to your data. A very common example of a phishing attack is when a would-be hacker sends an email that claims to be from the CEO of your company to an employee, asking them to follow a link. The employee clicks on the link and downloads something malicious to your network, which grants the hacker access to your data.
The best protection from these types of cyberattacks that rely on employee negligence is providing workplace education regarding these types of threats and preaching vigilance and awareness to your staff.
Malware attacks are also incredibly common and can come in a huge variety of forms. What’s tricky about stopping malware from invading your system is that every type of malware tries to infiltrate your network in a different way. There’s ransomware, for example, which hijacks your system, asking your company to pay a ransom before releasing or unlocking it.
Whether you’re dealing with ransomware, spyware, or a DDoS attack, recovering from a malware attack can be costly and time-consuming.
How Much Does Cyber Liability Insurance Cost?
No matter what type of insurance policy you’re purchasing, there are certain characteristics of your business that are considered the main drivers behind coverage cost. This means that your cyber insurance cost will depend on the type of business you run and the level of cyber risks you are exposed to.
A recent study performed by AdvisorSmith Solution Inc. found that the average cost of a cyber liability policy in 2019 was $1,500 per year for $1 million in coverage, with a $10,000 deductible.
Of course, businesses can pay much less or much more for their coverage depending on several key factors.
What Affects Cyber Insurance Costs?
Let’s take a look at some of the key business characteristics insurers will need to investigate and identify before being able to calculate your business’s cyber liability insurance premium.
Size and Industry
The size of your company is important because the more employees you have, the greater the risk of phishing and social engineering attacks you face. However, your industry is probably the single most important characteristic of your business when it comes to determining the needs and cost of your cyber insurance.
Your business’s industry will place you into one of three tiers (low, medium, and high) of risk related to the type and amount of data your business stores.
Amount and Sensitivity of Data
Low-risk companies, such as local businesses with a limited customer base, will pay less for their cyber insurance than, for example, a retail store that receives and stores customer credit card numbers in their store and through their website or ecommerce shop.
A high-risk company would be something like a hospital or healthcare facility that stores a large amount of very sensitive personal data, such as Social Security numbers, dates of birth, and other highly personal information.
The more money your business makes, in the eyes of the insurer, the greater chances are that a cybercriminal will want to target your company. Therefore, the more revenue your business generates, the more you’ll have to pay for cyber liability insurance.
Strength of Security Measures
Insurers will reward businesses that dedicate significant resources and efforts towards preventing cybercrime with lower premiums. High-risk companies should educate their workers about these risks and employ experts to install security protocols, monitor hardware and software security, and put together proper procedures and plans for what needs to be done if a cyberattack does occur.
Your coverage limits and deductible will also greatly influence your premium. The greater your coverage limit is, the more you’re going to pay. Cyber liability coverage limits typically range between $500,000 and $5 million per occurrence.
The deductible is the amount of loss that your business is responsible for in the event of a cyberattack that is covered by your policy. Businesses should consult their brokers to determine which options are best for them. For example, if you choose a lower deductible, you’ll pay less in the event of a cybercrime; however, you’ll end up paying a greater premium.
How to Keep Cyber Insurance Costs Down
One theme that always resurfaces when discussing cyber insurance costs is the generally accepted best practice of focusing on the proper prevention and management of cyberthreats in order to minimize risks and save on coverage.
Just like with any other type of business insurance, the fewer claims filed against your business that your insurer needs to cover, the better your premiums will be over time.
Managing your cyber liability risks starts with educating your employees. Employees who have a good idea of what cyberattacks look like and what suspicious communications they need to steer clear of will be less likely to do anything that puts your business at risk. Making sure that your staff understands what phishing and social engineering look like gives them the awareness needed to avoid falling for these types of schemes.
As previously mentioned, having an in-house security team that is dedicated to protecting your business from cyberthreats is a smart investment, especially in high-risk industries. Another important aspect of cybercrime risk mitigation is making sure that your business partners and any third parties that have access to your networks are also well protected and don’t pose a security threat.
If you’re interested in learning more about cyber liability insurance and want to discuss your coverage needs with professionals who are familiar with your industry’s specific risk profile, feel free to reach out to one of our expert brokers at any time.