What is Cyber Insurance?
Cybersecurity insurance, also called cyber liability insurance or cyber insurance, is a contract that an entity can buy to help reduce the financial risks associated with doing business online. In exchange for a monthly or quarterly fee, the insurance policy transfers some of the risks to the insurer.
Cybersecurity insurance is a new and emerging industry. Companies that purchase cybersecurity insurance today are considered early adopters. Cybersecurity policies can change from one month to the next, given the dynamic and fluctuating nature of the associated cyber-risks.
Cyber insurance is a type of insurance that aims to protect customers from data theft, data loss, extortion demands, hacking and DDoS (distributed denial of service) assaults. Cyber insurance also tries to help with crisis management and legal claims for defamation, fraud, and data breaches. Data recovery, system forensics, legal defense, and consumer reparation are all covered under this insurance coverage.
For many US-based businesses, cybersecurity insurance has become a popular tool for managing risk. Recent figures from Statista show that of all cyber insurance premiums written in the country, more than three-fourths are under corporate insurance. The database firm also estimates that the cybersecurity insurance sector will grow into a $20 billion industry by 2025.
Why is cyber insurance important for organizations?
The loss, compromise, or theft of electronic data can have a negative impact on a business, including the loss of customers and revenue. Businesses may be liable for damages stemming from the theft of third-party data. Cyber liability coverage is important to protect businesses against the risk of cyber events, including those associated with terrorism. Cyber-risk coverage can assist in the timely remediation of cyber attacks and incidents.
In 2011, Sony’s PlayStation Network was breached by hackers, exposing personally identifiable information (PII) of 77 million PlayStation user accounts. The breach prevented users of PlayStation consoles from accessing the service, an outage that lasted for 23 days. Sony incurred over $171 million in costs related to the breach.
Portions of this cost could have been covered by a cyber insurance policy, but Sony did not have one in place. A court case ruled that Sony’s insurance policy covered damage to physical property only, leaving Sony to incur the full amount of costs related to cyber damages.
Who needs cyber insurance?
Businesses that create, store and manage electronic data online, such as customer contacts, customer sales, PII, and credit card numbers, can benefit from cyber insurance. In addition, e-commerce businesses can benefit from cyber insurance, since downtime related to cyber incidents can cause a loss in sales and customers. Similarly, any business that stores customer information on a website can benefit from the liability coverage that cyber insurance policies provide.
What is covered and not covered by cyber insurance?
In the United States, most major insurance companies offer customers cybersecurity insurance policy options. Depending on the price and type of policy, the customer can expect to be covered for extra expenditures resulting from the physical destruction or theft of information technology (IT) assets. Such expenditures typically include costs associated with the following:
- meeting extortion demands from a ransomware attack;
- notifying customers when a security breach has occurred;
- paying legal fees levied as a result of privacy violations;
- hiring computer forensics experts to recover compromised data;
- restoring identities of customers whose PII was compromised;
- recovering data that has been altered or stolen; and
- repairing or replacing damaged or compromised computer systems.
Traditional insurance policies typically exclude cyber-risks, and this has led to the growth of cybersecurity insurance as a separate, stand-alone type of coverage. Potential customers include any company that accepts digital payments or stores PII about customers, including medical and financial information.
Top 5 Things Companies Should Know About Cyber Insurance
To give a concise and easy-to-digest explanation of how cyber insurance works, here are five things your company should know about it.
1. Who needs cyber insurance?
Almost every business should have cyber insurance, especially if it deals with consumers’ personally identifiable information (PII). Energy, oil/gas, utilities, media, leisure and entertainment, business and professional services, IT, technology and telecoms, and financial services are among the industries where cyber insurance is most important. As a corporation in one of these industries, you don’t want to be caught in the middle of a media frenzy about data loss while negotiating a ransomware settlement with a hacker.
2. Is it cost-effective?
When compared to the impact of having to pay ransomware settlements, which usually run into millions of dollars, cyber insurance is a safer and cheaper option. According to AdvisorSmith Solution Inc.’s latest survey, the average cost of a cyber liability policy in 2019 was $1,500 per year for $1 million in coverage and a $10,000 deductible.
3. What does cyber insurance cover?
Legal fees, cyber extortion, forensic expenses, business interruption, PR expenses, and data recovery are all covered by cyber insurance plans, which vary from insurer to insurer and are priced differently.
4. What factors affect the cost of cyber insurance?
While there is no set price for cyber insurance, there are a few elements that influence its cost both directly and indirectly, including size, industry, company footprint, type of coverage, and regulatory requirements.
- Size: How big or small a company is. Since a huge organization is more likely to be attacked, the cost of insurance will almost certainly be greater.
- Industry: Industries like healthcare and banking are frequently targeted by hackers, so businesses in these fields may expect increased costs.
- Company footprint: This is similar to company size, but it also considers the number of offices a company has and the number of geographical locations it serves. To put it another way, the more attack vectors a business has, the more cyber insurance it may require.
- Type of coverage: If you want cyber insurance that covers all types of incidents, you should expect to spend more.
- Regulatory requirements: Regulatory or compliance requirements that your company must meet may result in higher cyber insurance costs.
5. What cyber insurance company should I consider?
There are several companies that provide cyber security services; when making a decision, consider the company’s track record and present client base. Also, engage a specialized broker who is experienced in assisting businesses in determining which insurance provider is most suited to their industry.
How much does cyber insurance cost in the US?
The cost of cybersecurity insurance premiums is determined by a range of factors, including the size, nature, and location of the business. Data gathered by the small business information resource website AdvisorSmith shows that the average cost of cyber insurance in the US in 2020 was $1,485 annually. The firm, however, noted that due to the spate of cyberattacks in 2021, premium prices are likely to soar as well. Here are the states where cyber insurance premiums cost the most and the least, according to AdvisorSmith’s data.
US states with the most expensive cybersecurity insurance
|State||Annual average premiums||Difference from the national average|
US states with the least expensive cybersecurity insurance
|State||Annual average premiums||Difference from the national average|
Best cyber insurance providers in 2022
What are the best cyber insurance providers in the US, UK, Canada, Australia, etc. in 2022?
1. AXA XL – Features risk mitigation tools
AXA XL accounts for about 10% of the current cyber insurance market. It offers a full suite of first- and third-party coverage, from cyber security breach expenses and privacy regulatory coverage to cyber extortion & ransomware coverage and business interruption coverages. Coverage is tailored for businesses across various industries and technology companies, available on a primary and excess basis.
Its claims team are all attorneys with years of cyber incident response experience. They sit right alongside underwriters so they have a good understanding of clients and coverage before any incident occurs.
AXA XL recently launched an incident response team as part of its claims team that helps in every aspect of incident response, from enlisting needed help from expert vendors to walking through every step of the claims process. It has established a panel of expert vendors – from forensics to PR teams – that can be called on for help when an incident arises.
2. AIG – Three flavors of cyber insurance
American International Group (AIG) has an 8.3% share of the cyber insurance field. It provides coverage for physical and non-physical losses resulting from a cyber event on a primary basis via its CyberEdge or CyberEdge Plus products, as well as excess/difference-in-conditions insurance via CyberEdge PC.
AIG’s cyber insurance can be used standalone or added to an existing policy as an endorsement. AIG also offers three cyber insurance products:
- CyberEdge, which covers the financial costs due to a breach, as well as first-party costs.
- CyberEdge Plus, which covers physical world losses caused by a cyber event, including business interruption and property damages.
- CyberEdge PC, which can be added to traditional property and casualty policies.
Limits of up to $100 million are available (varying by coverage), with no minimum retention. Terms, including limits, retentions, and coinsurance, depend on a client’s perceived level of exposure and the maturity of its cybersecurity and privacy controls, and are based on responses provided in the AIG Cyber Insurance Application. Coverage applies across industries, entity types, revenue sizes, and geographies. Eligible policies include cybersecurity remediation services valued at up to $25,000.
3. Corvus – AI and data science can simplify cyber insurance
Corvus has a host of business insurance products, but also has a bevy of first-party cyber insurance offerings for business interruption, system failure, cyber extortion and ransomware, and breach response and remediation, just to name a few.
The company, which recently raised $100 million in venture funding, takes a broker-focused approach, using AI to analyze data to predict and prevent loss. The data Corvus brings together helps policyholders, underwriters, brokers, and reinsurers address market requirements. Phil Edmundson, CEO of Corvus, said that artificial intelligence and data science can simplify the cyber insurance workflow. “If you try to read a cyber policy, even knowledgeable people would find it challenging,” he said.
4. Chubb
Chubb has an A++ rating from AM Best and an AA rating from Standard & Poor’s, indicating excellent financial strength. The company has offered cyber liability insurance since 1998 and offers several customizable cyber liability programs for businesses of all sizes and from all industries, including those industries that have a high frequency of cyber incidents. Chubb offers risk management information and assessments, along with a variety of services to minimize risk and mitigate losses.
The company offers a variety of products and services:
- Cyber Enterprise Risk Management (Cyber ERM) has no minimum premiums, and offers cyber crime coverage and cyber incident response expenses, with the coverage territory applicable worldwide to address the continued evolution of hosting and data storage.
- DigiTech ERM combines cyber insurance with loss mitigation and incident response services.
- Integrity+ by Chubb is an integrated financial insurance solution that provides broad liability and first-party cyber protection for a wide array of E&O, data security, privacy, media, and intellectual property infringement exposures.
5. Travelers – Options for SMBs too
Travelers is another big player in the cyber insurance sector with a 7.5% market share. In addition to coverage, it provides policyholders innovative value-added pre- and post-breach risk management services at no additional cost.
Travelers’ CyberRisk solution is broad cyber coverage customized to fit business needs. It is aimed at both small businesses and Fortune 500 companies, including financial institutions and nonprofits. There are also versions of CyberRisk available for technology companies and public entities, and a simpler version called CyberFirst Essentials for small businesses.
The company bundles pre- and post-breach services provided by Symantec, as well as a hub to evaluate risks. Travelers’ policies fall into these categories:
- CyberRisk is a broad policy for companies of all sizes that can be standalone or part of another liability policy.
- CyberRisk Tech for Technology Companies is a policy designed for tech firms.
- CyberRisk for Public Entities is a policy aimed at municipalities, counties, utilities, and transit authorities.
- CyberFirst Essentials is a policy for small businesses that can be standalone or part of a broader business owner policy.