How Much Cyber Insurance Does Your Business Need? [Updated in 2023]
Editor's note: This post was originally published on October 29, 2021 and has been revised for clarity and comprehensiveness.
Let's get this out of the way: cyber insurance is expensive. And it's becoming more expensive as time goes by.
The growing severity of cyber incidents like ransomware, which has seen a ransom payout increase of 311% in 2020, has sent premiums soaring. Some insurance carriers increased by as much as 25%, according to a Reuters report.
Still, cyber insurance can help offset the impact of an attack and help you recover from major incidents - something that could make it worth the cost.
At Intelligent Technical Solutions (ITS), we've helped hundreds of businesses take proactive steps to strengthen their cybersecurity. From our experience, even the most robust cybersecurity measures can be breached, and that's when a cyber insurance policy can be essential.
But just how much do you need?
To better understand the costs of cyber insurance, we spoke with Larry Meador, the Channel Chief of Datastream Cyber Insurance, a North American-based insurance broker specializing in cyber insurance. In this article, we'll help you make informed decisions when it comes to buying a cyber insurance policy by answering the following questions:
- Who needs cyber insurance?
- How much cyber insurance do you need?
- What factors affect cyber insurance costs?
Who Needs Cyber Insurance?
You can fall victim to cybercrime regardless of the size of your organization. It's been reported that almost half of all recorded cyber attacks in recent years were aimed at small businesses.
From a threat actor's standpoint, it just makes sense.
“Small businesses are often particularly vulnerable to cyber-attacks because they may not have the same level of resources or expertise to protect their digital assets as larger organizations,” Meador says.
With that said, it's going to be hard to think of a business that doesn't need cyber insurance in today's threat climate. If your business stores sensitive client, customer, and partner data or conducts any form of electronic transactions, then you can benefit from a cyber policy regardless of the size of your business.
How Much Cyber Insurance Do You Need?
According to Meador, the cost of cyber insurance for small and medium-sized businesses (SMBs) can vary widely depending on several factors, including the size and industry of the business, the amount of data it stores, and the level of risk associated with its online activities. That means figuring out how much coverage an organization would need is a difficult process unique to everyone.
However, on average, cyber insurance premiums for SMBs typically range from $1,000 to $8,000 per year, with the median cost falling around $2,500 per year.
What Factors Affect Cyber Insurance Costs?
There are a lot of factors that insurers need to investigate and calculate to determine the cost of a policy. Let's take a look at some of the most important ones below:
Size and Industry
The size of your organization is a vital part of the insurer's calculations, as the more employees you have, the greater your risk for phishing and social engineering attacks. Larger companies also typically have more complex IT systems and handle more data, which can increase their risk and premiums.
However, a more important factor in determining your policy costs is your industry. Depending on your industry, you could pay much more for a cyber insurance policy. That is because some industries are more prone to cybercrime than others. Some of these high-risk industries include:
- Healthcare
- Government
- Financial
- Education
- Energy and Utilities
Data Size and Sensitivity
The size and sensitivity of your data are crucial in determining your risk factor. Take, for example, a local business with a limited customer base. This low-risk company is likely to pay less for its cyber policy than a large retail store that stores customer information and credit card numbers through its website.
On the other hand, an example of a high-risk company would be a healthcare facility or financial institution. Both typically store massive amounts of sensitive personal data like social security numbers, dates of birth, and other private information, a prime target for cybercriminals.
The higher the risk for the data you keep, the more you have to pay to protect it.
Cybersecurity Measures
Having the right cybersecurity measures in place can affect how much your cyber liability insurance will cost. The better security you have in place, the cheaper your rate will likely be, and the better your coverage.
According to Meador, some security measures that could help lower your premiums include: implementing firewalls, using encryption, and conducting regular security audits.
Annual Revenue
From an insurance agent's point of view, the more revenue your business generates, the riskier you are to cover. Unfortunately, that means your cyber insurance will be more expensive. That's because your organization will now be a more attractive target for cybercriminals. Not to mention, any business interruption you might encounter will cost more money.
Claims History
A company's prior claims history can also impact the cost of cyber insurance. Meador says companies with a history of cyber incidents or data breaches may be considered at higher risk. That ultimately results in higher premiums.
Policy Terms
Your coverage limits and deductibles can significantly influence your premiums. “Higher coverage limits and lower deductibles typically result in higher premiums,” Meador says.
While insurers technically can give their clients any limits they want, it ultimately boils down to whether they're willing to pay for it.
Deductibles, on the other hand, are the amount of loss that your organization will be responsible for in a cyber incident that is covered by your policy. If you decide to pay lower deductibles, you might pay less in the event of cybercrime. However, you will need to spend more on your premium.
Location
Your organization’s location also plays a role in determining the price of your premium. According to Meador, different states and regions can have varying regulatory requirements or levels of risk. That can either drive up or lower the amount you have to pay.
Ready to Protect Your Business From Cyber Attacks?
Cyber insurance might seem expensive, but in the current threat landscape, it can be indispensable. If you are unsure about your policy and how much coverage you need, consult an experienced insurance provider.
ITS and Datastream strive to help businesses like yours take proactive steps to bolster your cybersecurity so that you can prevent and recover from cyber incidents.
Want to learn where your security efforts currently stand? Fill out our form for a free security assessment. Or, check out the following resources for more info: