Back to Blog Home

Cybersecurity insurance, part 1: What is it, and do I need it?

As ransomware attacks become more prevalent, many businesses are turning to cybersecurity insurance to transfer risk and mitigate some of the costs of various cyberattacks. Those negative effects are enough to give even the most confident CEO and CIO pause—a successful ransomware attack could encrypt critical business assets for hours, days, weeks, or even months. Additionally, the cybersecurity threat landscape continues to evolve in complexity, with companies defending against business e-mail compromise (BEC) attacks, funds transfer fraud attacks, or other malicious cyberattacks.

In response, many organizations are purchasing insurance to transfer risk and mitigate some of the cost of a cybersecurity attack. But what is cybersecurity insurance? What kind of coverage does it provide? This post will take a closer look at these questions.

What is cybersecurity insurance?

Cyber insurance provides compensation for companies when they have experienced a cyberattack. Coverage provides monetary compensation to a company to pay for the damage sustained during a ransomware attack, BEC, fund transfer fraud, or covered incidents. In other words, cyber insurance coverage moves the burden of risk from an organization’s bottom line to the insurance policy, just like car insurance pays for repairs.

Read more: Building a culture of cybersecurity awareness

Does your organization need cyber liability insurance? 

anization has its own unique needs. To determine if your business needs insurance, ask yourself the following questions:

  • Does your company store credit card information from customers?
  • Does your company have protected health information (PHI) data?
  • Does your company need to protect intellectual property?
  • Is your company subject to regulatory bodies that govern data compliance?
  • Does your company use automation to fulfill and ship orders?
  • Does your company store PII (personally identifiable information) or other sensitive data?

If you answered yes to any of these questions, then your company should investigate the cost of purchasing cybersecurity insurance as part of your overall cybersecurity program.

Read more: Top 5 cybersecurity actions to take right now

What does cyber coverage entail?

Policies differ from plan to plan and insurance provider—but in general, most cyber liability plans cover:

  • Data recovery expenses from ransomware attacks.
  • Computer forensics costs if needed for legal reasons.
  • Compensation for funds lost in transfer fraud or from paying the ransom.
  • Legal fees for litigation post-breach.
  • Expenses associated with compensating customer losses from the breach.

In addition, many cybersecurity insurance policies offer:

  • Assistance in creating a cyber breach incident response plan.
  • Online training to boost cybersecurity awareness.
  • Dedicated insurance agent team members in the event of a breach.

How much does cyber insurance cost?

Costs vary for cyber insurance coverage. However, certain factors will impact the cost of your insurance policy:

  • Company size and customer base
  • The amount of data that needs to be insured
  • Current cybersecurity efforts and the level of information security controls already in place

Cybersecurity insurance costs range from hundreds of dollars to tens of thousands of dollars a year. For example, a smaller corporation with a relatively small amount of sensitive data will pay much less than a large company with hundreds or thousands of customers with PII or PHI data.

Also read: Three recent developments in security technologies: What you need to know

Incorporating liability insurance into your cybersecurity program

Just as insurance alone is not enough to fully protect a business, a good cybersecurity program can benefit from the added coverage of liability insurance. OnX can help your business assess, plan, and execute every aspect of refining your cybersecurity program and help you protect your sensitive and critical data.

Get in touch to learn more about how OnX can boost your cybersecurity defenses and advise you on cyber insurance coverage.

Read more from the cybersecurity insurance blog series:

  1. Part 2: Cybersecurity insurance: Preparing for insurance company questionnaires
  2. Part 3: Completing the risk and liability questionnaire
  3. Part 4: What happens if your company is denied cyber insurance coverage