What Does Cyber Insurance Cover and What Does It Not Cover?

When you browse the news, it’s becoming more and more common to see articles mentioning a large company hit by a data breach or a cyber attack. It seems like no matter how much a business enhances its cyber security efforts, the chance of a cyber attack is ever looming in the background. According to Purplesec, the average cost of a data breach to small businesses can range from $120,000 to $1.24 million dollars. Several businesses are turning to cyber insurance companies to help them save money and protect them in the event of a serious cyber attack, data breach or ransom demands. Cyber insurance is still an evolving space and business owners might many questions about it. What exactly does cyber insurance cover and what does it not cover? Well, find out below as we go in-depth and give you all the answers you need when it comes to the world of cyber insurance.

What is Cyber Insurance?

Cyber insurance usually covers your business’ liability in the case of a cyber attack, data breach, malware, or any other cyber crime. Cyber insurance works the same way as general liability insurance or even errors and omissions insurance. It covers the losses your business may suffer following a significant cyber crime. These type of policies are great for recovering from a network security failure such as malware, ransomware, email compromises, and more. They also help in case a lawsuit arises and/or paying for penalties from regulating authorities. Cyber insurance shouldn’t be your only form of cyber risk management, but should complement and enhance a robust cyber security plan along with firewalls, antivirus programs, and specialized employee training.

What Does Cyber Cover?

Cyber insurance companies cover a variety of different losses due to data breaches, hacking, and other cyber crimes. Cyber insurance normally helps with data restoration, data recovery efforts, repairing damaged computer systems, notifying customers about a data breach, cyber extortion, legal fees, and forensic investigation. They also help with litigation expenses, crisis management expenses, attack remediation, personal identity restoration, and offer credit monitoring services to victims. A lot of cyber insurance companies also offer privacy liability coverage and robust resources meant to help businesses enhance their cyber security protocols.

What Doesn’t Cyber Insurance Cover?

Cyber insurance companies cover a lot of expenses, but don’t expect your policy to cover everything under the sun. Cyber insurance doesn’t cover human error, preexisting vulnerabilities, insider attacks, poor security processes, and technology system upgrades. Cyber insurance also doesn’t cover potential future profits that are lost due to various factors, decreased valuation, intellectual property theft, and acts of war by a foreign power. If you wish to cover all of your bases consider looking into intellectual property insurance, general liability insurance, professional liability insurance, and commercial property insurance.

Who Needs Cyber Insurance?

If your business has an online component, relies heavily on technology, and/or store sensitive data, then it would be in your best interest to get cyber insurance. A large business may have the funds and revenue to cover a lawsuit, but most small businesses don’t have the resources to cover this scenario. Either way, both large and small companies can benefit from cyber insurance, especially if they’re looking to prevent damage to both their business and reputation resulting from a cyber attack.

Cyber Insurance Costs

Cyber insurance companies charge different amounts depending on several different factors. The cost depends on your industry, claims history, revenue, the type of sensitive data you store, and the number of customers/clients. According to Insureon, the median cost of cyber insurance is $130 per month or $1,675 per year. Network security companies, healthcare, IT consultants tend to pay a lot more than other businesses since they handle sensitive customer information on the regular. Many small businesses choose policies that have a $1 million dollar aggregate limit that could end up saving them from potential financial destruction following a devastating cyber attack.


Cyber security threats are becoming more advanced every year and business owners have to constantly find new yet effective ways of upgrading their security networks and preventing the chances of these attacks occurring. It’s a constant struggle for many businesses who are trying to navigate this vulnerable space without being attacked. For many businesses, it’s just a matter of time before they experience a cyber attack. According to Purpesec, enterprises experienced an average of 130 security breaches per year per organization. Cyber insurance is one of the best solutions your business could invest in for the future of your company. It covers a wide range of expensing resulting from a data breach and/or cyber attack. Cyber insurance won’t upgrade the security of your network or cover future losses. Either way cyber insurance is a valuable asset and a reliable safeguard for any business regardless of the size of the company.