What is Cyber Insurance and Do I Need it?
Originally published: Oct 23, 2020 | Updated: May 22, 2025
Technology use is an essential part of both business and everyday life, having sped up our processes and expanded our capabilities. But it can be both a blessing and a curse, as individuals and businesses can be vulnerable to serious cyber attacks that cost them money, materials, and reputation.
And this doesn’t just pertain to big corporations, as 55% of small businesses have experienced cyber attacks as well. No organizations are excluded when it comes to online attacks, making it imperative for all businesses to protect their systems and data.
That’s where cyber insurance comes in!
Since cyber insurance is a relatively new type of coverage, many people are unaware of it and whether they truly need it for their business. At Berry Insurance, we’ve educated hundreds of businesses, both large and small, about cyber insurance and helped them obtain the protections they need.
Below, we’ll discuss what cyber insurance is, what it covers, and if it is right for you.
Table of contents:
- What is cyber insurance?
- What is the difference between first-party and third-party cyber insurance?
- When is cyber insurance not enough?
- Do I need cyber insurance?
- Who is cyber insurance not for?
- How do I determine and acquire cyber insurance coverage?
- How much does cyber insurance cost?
What is cyber insurance?
Cyber insurance covers costs associated with a cyber attack or data breach.
This includes malicious actions such as hacking, viruses, phishing, denial of service (DoS), ransomware, malware, and more, but also data losses from incidents such as computer glitches, power surges, and accidental deletions.
The insurance covers costs and legal fees incurred from business losses, investigations, lawsuits, and extortion.
In addition to the expense recovery, cyber insurance can offer assistance in other areas related to security, such as:
- Providing notifications about security threats and data breaches
- Recovering compromised data
- Repairing damaged computer systems and software
- Consulting on cyber related issues
What is the difference between first-party and third-party cyber insurance?
First-party cyber insurance protects a business against the financial repercussions of cyber attacks and data breaches, as discussed above.
There is also another type of cyber insurance, called third-party cyber insurance, which protects the insured company if it makes a mistake that causes a client or partner to experience a data breach or cyber attack.
Not all insurance carriers offer third-party cyber insurance alongside first-party, so if you are interested in it, you should ask your agent for a policy that includes it.
For more on the difference between these two types of coverage, check out this guide: First-Party vs. Third-Party Cyber Liability Insurance: What’s The Difference?
When is cyber insurance not enough?
When purchasing cyber insurance, it is important to understand your cyber insurance policy will not pay out if you don’t do your part to protect your company from cyber attacks as well.
Just because you have cyber insurance doesn’t mean you can neglect all other security strategies in your company.
Ensuring your business is adequately protected is completely up to you. When you get cyber insurance, the carrier does not check your security strategies — it only does so when a claim has been made.
This means you might think you’re covered when you actually aren’t.
To ensure you are covered by your cyber insurance, you will want to take the following steps to prove you are making your best effort to prevent any attacks:
- Implement a detailed cyber security strategy
- Use security/antivirus software
- Train your employees
- Encrypt your information
- Audit your network
- Use secure, password-protected Wi-Fi
- Use unique employee logins and passwords
Generally, you will need to already be doing these things in the first place to even qualify for cyber insurance.
Do I need cyber insurance?
In addition to security policies and training, most businesses of all sizes should have cyber insurance.
Some believe only large corporations are susceptible to cyber attacks, but this is not the case.
Any business that uses technology to store company or customer information, or processes payments online, is vulnerable to a cyber attack and should have cyber insurance.
Many people assume their general liability insurance will cover losses pertaining to cyber, but this is not the case. To protect your business from cyber attacks, you will need separate cyber insurance.
In some cases, individuals may also want cyber coverage. For example, company founders, public figures, and wealthy people are vulnerable to cyber attacks and could benefit from the coverage.
For our list of the most common cyber insurance claims that we see, read this guide: Common Cyber Insurance Claims that Could Happen to Your Business.
Who is cyber insurance not for?
Small businesses that don’t use technology to store information or process online payments usually don’t need the coverage.
The average individual also does not need cyber insurance. Even if you use credit cards and online banking, you do not need the coverage because the financial providers have their own cyber security protection covering you. Individuals who want to be protected from hacking can also purchase identity theft insurance.
How do I determine and acquire cyber insurance coverage?
Determining how much insurance you actually need for your business depends on several factors such as the company size, industry, revenue, the likelihood of being targeted, and the estimated potential damage if there were to be a cyber attack.
Industries that might need more coverage include technology, medicine, finance, or any with large revenue or confidential information.
Larger businesses tend to need more cyber insurance because their potential financial losses are larger.
How much does cyber insurance cost?
The cost of cyber insurance varies significantly depending on company size, revenue, industry, and the amount of coverage you want on your policy.
For smaller businesses, the annual premium might range from $500 – $5,000, but for larger businesses, the premium can cost tens of thousands.
Stay protected:
Even if the insurance does cover an incident and the short-term costs are paid, it does not necessarily resolve everything. Cyber attacks can be damaging to a company’s reputation and future sales, which could even put them out of business.
Remember, just because you have cyber insurance doesn’t mean you are protected.
Cyber insurance takes a lot of work on the part of policyholders to ensure they are protecting themselves as well, and if they are not, the insurance might not cover the claim.
In addition to the coverage, you need to make sure you are taking steps to protect your business from a cyber attack.