Technical Expertise

May 19, 2022   •   5 minute read

What Can Cyber Insurance Cover?

Even with the most comprehensive cybersecurity monitoring software in place, hackers’ strategies evolve at a near-constant rate, making cyberattacks an imminent risk for all businesses.
In the inevitable event of a cyberattack (one occurs around every 11 seconds in the United States), it is vital that businesses enhance their security measures with cyber insurance: policies that help cover related financial losses and assets.

What Is Cyber Insurance?

Just as you might have medical or car insurance in the event of unforeseen accidents, cyber insurance is a vital security measure for businesses, big and small. In fact, adversaries tend to disproportionately target small businesses. 

More than half (55%) of small businesses have experienced a data breach and 53% have undergone repeat attacks, according to a resource white paper by Nationwide Mutual Insurance Company. Unfortunately, a mere 14% of these are equipped to defend themselves, according to the 2019 study “Cost of a Cybercrime” by independent research center Ponemon Institute, and the average data breach now costs American businesses about $8.64 million, according to its 2020 “Cost of a Data Breach Report.”

Such drastic figures underscore the importance of businesses supplementing even sophisticated monitoring software with an insurance policy that fits their needs.

What Can Cyber Insurance Cover?

Losses stemming from cyberattack-related theft of funds, increased downtime, and reputational damage are often devastating and enduring. Insurance helps reduce these effects as much as possible, often covering a variety of first- and third-party claims such as data corruption, extortion, and liability.

Similar to liability or healthcare plans, there are a variety of cyber insurance policies your business can choose from. It is currently a buyer’s market, and handfuls of insurance companies are competing for your business. 

The average U.S. company pays $1,485 per year, or $124 per month, for cyber insurance, according to a study conducted by financial services firm AdvisorSmith Solutions, Inc. Your calculated insurance rate and deductible costs will vary depending on the size of your business, associated risks and security measures, annual revenue, data sensitivity, and policy coverage, states “How Much Does Cyber Insurance Cost?” published by insurance broker Embroker. 

Coverage Areas Can Include

While policies may vary in liability and deductibles, among other factors, they have historically included coverage for the following first-party claims filed by the policyholder (e.g., a business during a cyberattack):

  • Data Damage, Loss & Restoration: covers cost of replacing or restoring damaged data, hardware, software, and programs
  • Interrupted Business Operations: supplements lost income and additional expenses required to reopen after a shutdown
  • Cyber Extortion: pays hacker’s ransom after a breach
  • Costs Required to Notify Parties About a Breach: pays costs to notify customers and other parties about an attack
  • Forensic & Legal Investigation: covers forensic or legal expenses when initially assessing the attack  
  • Credit Monitoring: pays for credit monitoring services for any customer with compromised information
  • Litigation: covers legal expenses in the event of a lawsuit

Cyber insurance policies also often cover third-party claims—those filed by someone other than the policyholder (e.g., customers suffering damage during a breach). 

These can include:

  • Security & Privacy Liability: pays claims against businesses for negligence, omissions, errors, and failure to protect data and privacy in a breach 
  • Electronic Media Liability: covers lawsuits against businesses for libel, defamation, invasion of privacy, slander, copyright infringement, or domain name infringement, often as a result of the policyholder putting sensitive information online
  • Regulatory Claims: maintains liability and compliance, paying fines or penalties imposed on businesses by regulatory agencies

Areas Often Exempt From Coverage

Now, some of the aforementioned events may be excluded from traditional policies, in addition to bodily injuries, property damage, acts of war/terrorism, cyberwar fallout, and fraud or intentionally harmful actions taken by the business. 

For instance, after NotPetya malware cost pharmaceutical company Merck more than $1.4 billion and impacted 40,000 computers in a 2017 attack, Merck sought to recoup losses utilizing its $1.75 billion in property insurance, according to an analysis from think tank New America. However, the claim was denied because the malware was considered an act of cyberwar released by the Russian government in the midst of the ongoing Ukraine conflict, the analysis continues.

Similarly, premier insurance firm Lloyd’s of London stated its policies would no longer cover cyberwar events between countries, including those that have “major detrimental impact on the functioning of a state,” according to a bulletin released by the firm in November 2021.

Who Needs a Cyber Insurance Policy?

Every business is at risk for cyberattacks, ransomware, data exfiltration, and other forms of extortion, making cyber insurance a necessary supplement to your cyber security defense strategy. 

It is especially imperative that businesses managing sensitive data such as names, Social Security numbers, addresses, and credit card information invest in cyber insurance, stresses an account from insurance company Progressive Corporation.

Why Supplement Cybersecurity With Cyber Insurance?

Although cyber insurance provides critical support to businesses in all the aforementioned areas, from related expenses and recovering lost data to third-party claims and more, reputation damage and a loss of trust among clients and consumers are often more difficult to recover from, if recovery is possible at all.

The best way to safeguard your business against cyber crimes is by supplementing insurance with a robust cybersecurity program that offers strong prevention and continuous monitoring, response, and containment.

Maintaining a complete view of your company’s security posture at all times enables you to detect risks before they become threats, and keep adversaries at bay.

Our team of cybersecurity experts provides 24/7/365 visibility into your company’s security stance to seamlessly detect when a threat has penetrated the network, and contain it.


Cybersafe Solutions is a state-of-the-art managed security provider specializing in Security Operations Center as a Service (SOCaaS) through managed detection, response, and containment. With more than 20 years of experience in the cybersecurity landscape, our expert team of certified specialists utilizes cutting-edge technology to guard against cyber adversaries. Contact us today to learn more.