What Is Cyber Liability Insurance? Exploring Its Coverage & Costs

In 2018, businesses faced 571 breaches, exposing 415 million records. Business breaches made up 46% of all breaches.

Small businesses, often overlooked, are highly vulnerable. Lacking extensive tech support, they need cyber liability insurance.

This insurance assists in responding to breaches, covering costs, and facilitating recovery.

Learn about coverage, costs, and purchase options in this article.

What Is Cyber Liability Insurance?
Image source (Piktochart)

What Is Cyber Liability Insurance?

Cyber liability insurance covers the cost for a business to recover from a data breach, virus, or other cyberattack.

It also covers legal claims resulting from the breach. Any business that stores sensitive data in the cloud or on an electronic device should have cyber liability insurance.

Who Needs Cyber Liability Insurance?

Cyber liability insurance, also known as cybersecurity, privacy, and media liability insurance, helps your company respond to cyberattacks or data breaches.

It’s crucial if your network or computer systems are hacked or infected.

General liability or professional liability policies often include basic cyber liability coverage.

However, businesses with personally identifiable information (PII) should consider standalone or enhanced cyber liability insurance.

PII, like name, date of birth, email, social security, credit card, or bank account numbers, needs protection.

Various cyber breaches can happen, such as phishing emails where hackers pose as your company, tricking customers into revealing PII.

To safeguard against cyberattacks, establish strong internal measures. Limit PII access, use robust passwords, and regularly update them and software.

Brian Gill, cofounder of Gillware Data Recovery, emphasizes the importance of making security a top priority in business. Insurance is an additional layer of protection for emergencies.

What Does Cyber Liability Insurance Cover?

Cyber liability coverage differs depending on the insurer. No standard policy exists for cyber insurance, and insurers started offering it in the last couple of decades.

Judy Selby, a cyber law expert, points out that each insurer has its unique policy language, making it challenging to compare cyber insurance policies.

Despite the variations, Selby says most insurers offer two types of coverage within a cyber liability policy:

1. First-party Coverage

This coverage pays for immediate expenses that a company incurs after a cyber breach. This includes:

  • Cost of notifying employees and the public
  • Repairing any damaged software or hardware
  • Protecting the company’s reputation with a marketing and public relations response
  • Business interruption costs and missed income while business operations are suspended
  • Extortion money (used to appease a hacker who threatens your data or systems unless you pay them a ransom)
  • Other ancillary costs, such as paying for credit monitoring for customers

2. Third-party Coverage

The coverage serves to protect the company from legal actions and lawsuits. It encompasses:

  1. Privacy lawsuits alleging breaches of customer or employee privacy.
  2. Fines imposed by regulatory bodies.
  3. Media liability claims, including copyright infringement, libel, or slander.
  4. Claims related to breach of contract or negligence.

Beyond first- and third-party coverage, certain insurers offer risk mitigation services to proactively identify and prevent cyber threats. In the event of a breach, some insurers establish hotlines for customers and the public to obtain additional information.

What’s Not Covered by Cyber Liability Insurance?

Carefully review your cyber liability insurance policy and understand exclusions.

Exclusions commonly include:

  1. Bodily injury or property damage claims, covered by a general liability policy.
  2. Loss of property, like phones or computers, covered by commercial property insurance.
  3. Criminal activity, such as fraud or theft, may require commercial crime insurance.
  4. Social engineering risks might have limited coverage or be an optional add-on.

When you buy cyber liability insurance, you commit to maintaining security measures.

Failure to do so may result in denied coverage.

For instance, if an employee clicks on a malicious link due to a lack of anti-malware software, coverage could be denied.

Understanding and implementing security procedures is crucial. You can establish these protocols independently or enlist external security firms for assistance.

How Much Does Cyber Liability Insurance Cost?

Cyber liability insurance costs vary, ranging from $500 to over $50,000 per year. Tailor your coverage to match your business needs and budget.

Factors influencing the cost include:

  1. Coverage limits: More complex needs or higher limits increase the cost. Storing extensive customer data or using multiple servers raises expenses.
  2. Data access: Restricting access to sensitive data, limiting it to senior employees, and having an in-house security expert can save money.
  3. Security measures: Employing effective security measures like antivirus software and network firewalls, and regular password updates, can reduce premiums.
  4. Industry: Online businesses or those in data-sensitive sectors, like healthcare, face more threats and higher premiums.
  5. Claims history: A history of multiple claims may result in higher premiums.

Cyber liability insurance costs more than other business insurances due to potentially significant fallout.

Dealing with a cyber incident involves containing the crisis, customer response, public relations, repairing hardware or software, recovering lost profits, and covering legal claims.

Read more: Is Health Insurance a Business Expense?

How Much Cyber Liability Coverage Do I Need?

What is cyber liability insurance
Cyber liability insurance safeguards small businesses from threats like data breaches, protecting against risks to computer systems and sensitive customer information such as credit card numbers, Social Security numbers, account details, health records, and driver’s license numbers: Photo source (Forbes)

Determining your cyber liability coverage can be challenging. Start by envisioning a hypothetical cyber incident and calculate the coverage needed for recovery.

In 2018, the IBM Security and Ponemon Institute study found the average cost of a data breach was $148 per affected record.

Identify the number and type of sensitive records your business stores and their locations.

Consider the steps and time required to inform customers and protect their interests in case of a breach.

Calculate potential costs for replacing affected hardware or software. Assess whether your in-house security team can handle mitigation or if external consultants are necessary.

Determine if you have an in-house public relations professional to address public inquiries about the breach.

Answering these questions helps determine the coverage needed. Business owners lacking technical expertise can hire an IT security firm to assess risks.

After an audit, an insurance broker can assist in refining coverage limits.

When uncertain, Shari Claire Lewis recommends erring on the side of more coverage. Despite the quantity of claims occurring at lower coverage levels, additional coverage is often affordable, and businesses are advised to purchase what they can afford.

Best Places to Buy Cyber Liability Coverage

Start by exploring cyber liability coverage with an insurance company you already trust.

Check if your existing general liability or professional liability policy includes any cyber coverage—though this may not be sufficient for most businesses.

If your insurer provides separate cyber liability insurance, great. Otherwise, consider checking the listed insurers below.

It’s advisable to partner with an insurer rated A or higher by A.M. Best, a globally recognized credit firm.

An A rating or higher indicates the insurer’s financial solvency, ensuring they have adequate funds to cover valid claims.

These are the best insurance providers for cyber liability insurance:


Hiscox, an A rated insurance company, specializes in cyber liability coverage for over 20 years, handling 1,000+ claims yearly. Their primary product suits small businesses with up to $1 billion in annual revenue, offering up to $10 million in limits.

Their coverage includes both first and third-party coverage, compensating for various legal claims and providing compensation for lost business income during breach response. Identity and credit restoration coverage is fully provided.

You also get pre-loss breach prevention and post-loss response services, including an hour with a data breach coach.


AIG, an A rated insurer, dominates 22% of the cyber liability market. Their customizable cyber insurance offers limits up to $100 million. You can integrate cyber coverage into existing policies or opt for standalone coverage.

AIG aids in preventing cyberattacks, offering CyberMatics threat scores and benchmarking reports. These help assess security vulnerabilities and compare coverage with similar firms.


Chubb, an A++ rated insurer, holds 12% of the market share. Their Cyber ERM policy offers coverage from $10 million to $100 million. They provide worldwide coverage regardless of the breach’s origin.

Chubb’s policy covers a broad range of PII and can include optional coverage for social engineering and computer fraud.

Liberty Mutual:

Liberty Mutual, also A rated, tailors cyber liability insurance for small businesses. Coverage can be integrated into general liability or business owner’s policies.

Their Data Security endorsement offers four optional parts covering various expenses and liabilities resulting from a data breach.


CoverWallet is an insurance marketplace allowing you to compare quotes from multiple A rated insurers.

You can get cyber liability quotes and choose the best option for your business needs.

Purchasing is convenient online or via phone with no additional premiums. Policy management, including document access and payments, is done through the CoverWallet online account. Claims filing goes directly to the insurer.

The Bottom Line

Cyber liability coverage is still very much an evolving area of insurance. Since insurance companies are still relatively new to this space, there isn’t always a lot of clarity around what cyber liability insurance covers and doesn’t.

That makes it ultra important to read through your entire policy before committing, preferably with the help of a broker or insurance professional.

With the right cyber liability policy, you can avoid the costs and harm to your brand that can otherwise result from a cyber breach.

Leave a Comment