Do I need Cyber Insurance for my Business?


Cybercrime has become more than a nuisance for businesses; it’s an existential threat. Cybercriminals are exceptionally savvy at finding ways to attack businesses, steal data, and ultimately cause expensive chaos. Depending on the size of your business and your available assets, the financial fallout from just one data breach could be enough to cause your business to close for good. Any business that relies on customer data and a digital presence should consider cyber insurance an essential survival tactic in the fight against cybercrime.

Why Is Cyber Insurance Necessary?

Having a digital presence leaves your business at risk of a cyber-attack. Even your website could be an attack vector for cybercriminals, who could load malware onto your website and infect your site visitors. However, most cybercriminals focus heavily on your data — both stealing it and removing your access to it. The most common strategies hackers now use to attack business data include:


  • Phishing
  • Malware
  • Credential stuffing
  • Ransomware


These attack methods often occur as part of the same attack. For example, over 80% of data breaches are caused by human error of some kind, often the result of an employee or individual falling prey to a phishing attack. Meanwhile, over 60% of data breaches involved stolen credentials. A hacker may send a phishing email, steal passwords through a phishing link attached to that email, and then use the stolen email/password combo across other websites. Or, the attacker could include a ransomware file in the email that executes when downloaded.


Once a hacker gets access to your business data or has the ability to lock down your access to it, your business must begin the expensive recovery process. The cost to recover from a data breach can average $146 per record, or up to $175 per record for breaches resulting from a malicious attack.


Even a comparatively small breach affecting 1,000 records could set a company back $145,000 or more in recovery costs, which include getting systems back online, legally required reporting to impacted individuals, and potential fines.

What Does Cyber Insurance Cover?


Cyber insurance is designed to mitigate the cost of investigating and recovering from cyberattacks. At a high level, a cyber insurance policy as written will allow you to recover the direct financial costs associated with these electronic threats. This often includes both first- and third-party damages, such as legal fees, settlements if you are found at fault, the cost of investigating a breach or attack, the cost of restoring your systems following an attack (such as DDoS), or lost income due to the interruption of business. Your coverage limits will depend on the agreement established between your business and the insurance company underwriting your policy.


Note that ransomware presents a unique challenge, even for cyber insurance. While your cyber insurance policy may cover some aspects of a ransomware attack, such as investigation of the attack and restoration of documents, most insurance policies will not pay a ransom demand. As such, your business is best protected against ransomware by performing the appropriate cybersecurity risk assessments and deploying effective security measures to prevent ransomware from taking over your critical systems.

How Much Does Cyber Insurance Cost?


The cost of your policy will depend on your needs. However, it’s best to consider the size of your exposure to help determine how much coverage makes sense. A small business that stores very little data will have a much smaller insurance need than a small business that relies heavily on storing and using customer data.


Your liability also extends beyond just your own servers and accounts. Third parties with access to your data or your customers’ data could also put you at financial risk. In such situations, third-party cyber liability insurance may also be necessary to mitigate the potential financial losses resulting from a breach or data theft impacting a vendor.


Most cyber insurance is not retroactive. Plan ahead by purchasing the right amount of insurance to cover your risks before a data breach or ransomware attack occurs. Give us a call at 650-873-1255 and we’ll be happy to answer any questions you have about cyber insurance.