How Much Cyber Insurance Does Your Business Need? [Updated in 2023]

Editor's note: This post was originally published on October 29, 2021 and has been revised for clarity and comprehensiveness.

Let's get this out of the way: cyber insurance is expensive. And it's becoming more expensive as time goes by. 

The growing severity of cyber incidents like ransomware, which has seen a ransom payout increase of 311% in 2020, has sent premiums soaring. Some insurance carriers increased by as much as 25%, according to a Reuters report.

Still, cyber insurance can help offset the impact of an attack and help you recover from major incidents - something that could make it worth the cost. 

At Intelligent Technical Solutions (ITS), we've helped hundreds of businesses take proactive steps to strengthen their cybersecurity. From our experience, even the most robust cybersecurity measures can be breached, and that's when a cyber insurance policy can be essential.  

But just how much do you need? 

To better understand the costs of cyber insurance, we spoke with Larry Meador, the Channel Chief of Datastream Cyber Insurance, a North American-based insurance broker specializing in cyber insurance. In this article, we'll help you make informed decisions when it comes to buying a cyber insurance policy by answering the following questions: 

• Who needs cyber insurance? 
• How much cyber insurance do you need? 
• What factors affect cyber insurance costs? 

Who Needs Cyber Insurance?

You can fall victim to cybercrime regardless of the size of your organization. It's been reported that almost half of all recorded cyber attacks in recent years were aimed at small businesses. 

 From a threat actor's standpoint, it just makes sense.

“Small businesses are often particularly vulnerable to cyber-attacks because they may not have the same level of resources or expertise to protect their digital assets as larger organizations,” Meador says. 

With that said, it's going to be hard to think of a business that doesn't need cyber insurance in today's threat climate. If your business stores sensitive client, customer, and partner data or conducts any form of electronic transactions, then you can benefit from a cyber policy regardless of the size of your business. 

How Much Cyber Insurance Do You Need?

According to Meador, the cost of cyber insurance for small and medium-sized businesses (SMBs) can vary widely depending on several factors, including the size and industry of the business, the amount of data it stores, and the level of risk associated with its online activities. That means figuring out how much coverage an organization would need is a difficult process unique to everyone. 

However, on average, cyber insurance premiums for SMBs typically range from $1,000 to $8,000 per year, with the median cost falling around $2,500 per year. 

What Factors Affect Cyber Insurance Costs?

There are a lot of factors that insurers need to investigate and calculate to determine the cost of a policy. Let's take a look at some of the most important ones below: 

Size and Industry

The size of your organization is a vital part of the insurer's calculations, as the more employees you have, the greater your risk for phishing and social engineering attacks. Larger companies also typically have more complex IT systems and handle more data, which can increase their risk and premiums. 

However, a more important factor in determining your policy costs is your industry. Depending on your industry, you could pay much more for a cyber insurance policy. That is because some industries are more prone to cybercrime than others. Some of these high-risk industries include: 

• Healthcare 
• Government 
• Financial 
• Education 
• Energy and Utilities 

Data Size and Sensitivity

The size and sensitivity of your data are crucial in determining your risk factor. Take, for example, a local business with a limited customer base. This low-risk company is likely to pay less for its cyber policy than a large retail store that stores customer information and credit card numbers through its website. 

On the other hand, an example of a high-risk company would be a healthcare facility or financial institution. Both typically store massive amounts of sensitive personal data like social security numbers, dates of birth, and other private information, a prime target for cybercriminals. 

The higher the risk for the data you keep, the more you have to pay to protect it. 

Cybersecurity Measures

Having the right cybersecurity measures in place can affect how much your cyber liability insurance will cost. The better security you have in place, the cheaper your rate will likely be, and the better your coverage. 

According to Meador, some security measures that could help lower your premiums include: implementing firewalls, using encryption, and conducting regular security audits.