Cyber insurance

Cyber insurance helps businesses recover from data breaches and cyberattacks, which are increasingly common and costly. It provides crucial protection for businesses that handle sensitive information that could be exposed in a security breach.

A data breach isn't just an inconvenience—it can put you out of business. The average cost of a breach is $10.22 million in the United States. Nearly 43% of cyberattacks are against small businesses, which are targeted due to their vulnerabilities, such as less investment in cybersecurity.

Cyberattacks and data breaches can incur a wide range of expenses, such as customer notifications, credit monitoring, attorney's fees, fines, data recovery, and forensic investigations. A cyber insurance policy would cover all of these costs.

Cybersecurity insurance covers your incident response costs associated with data breaches and cyberattacks, including the cost of recovering important data and hiring legal representation.

There are two types of cyber insurance coverage: first-party coverage and third-party coverage.

Most businesses need first-party cyber coverage to defend against their own cyber risks, especially if they handle personally identifiable information (PII) for customers.

Companies that are responsible for their clients' cybersecurity would need third-party cyber liability insurance to provide legal protection from client lawsuits.

First-party cyber insurance coverage, sometimes called data breach insurance, covers costs related to a data breach or cyberattack that directly impacts your business.

Small business owners can often add this coverage to their general liability insurance. It’s recommended for businesses that collect personal information, such as customer email addresses or credit card numbers.

Specifically, first-party cyber insurance can help cover:

Third-party cyber insurance coverage helps pay for legal costs when a client sues your company for failing to prevent a data breach or cyberattack at their company. This insurance is recommended for tech companies that make software recommendations to clients or are responsible for their cybersecurity.

Third-party coverage can be bundled with your errors and omissions policy into what is known as technology errors and omissions insurance, or tech E&O.

Specifically, third-party cyber insurance can help cover:

Cyber liability insurance is a key policy for companies that operate in cybersecurity, work in a cloud environment, or handle sensitive customer information.

While any business can fall victim to a data breach or cyberattack, a few industries are particularly vulnerable, including:

Cyber insurance covers legal costs when a client blames your tech company for failing to prevent a data breach or cyberattack at their business.

For example, if an IT consultant leaves data for a small healthcare company unsecured on Amazon Web Services, and a cyberattack exposes hundreds of Social Security numbers and email addresses belonging to the company's customers, the healthcare company could blame the consultant and file a lawsuit.

The consultant's cyber liability policy would pay for legal defense costs and the eventual settlement.

Cyber insurance helps retailers recover after a data breach or cyberattack on their business. It's recommended for any shop that handles customer email addresses, credit card numbers, or other personal information.

For example, an employee at your clothing store accidentally clicks on a link in a social engineering email containing a malicious computer virus. The virus encrypts data crucial to your business’s operations and demands a ransom for its retrieval.

Your cybersecurity insurance reimburses you for the ransom and for the cost of hiring someone to look into the source of the attack. Cybercriminals commonly use social engineering to deceive employees into initiating these types of attacks.

Healthcare organizations and medical service providers often have to abide by strict privacy and security guidelines, such as the Health Insurance Portability and Accountability Act (HIPAA), to avoid regulatory fines and other legal consequences.

Cyber insurance for medical practices can help cover financial losses and provide essential resources. That includes the cost of notifying clients that their data was exposed, credit monitoring services for affected clients, and PR campaigns to restore reputation.

For example, a denial of service (DoS) attack on a doctor's office disrupts their appointment scheduling system and other online services. The consequences include lost profits, reputational damage, and difficulties obtaining patient care.

Cyber insurance would cover business interruption expenses while the facility works to reboot and upgrade security on its system. It would also help pay for a PR campaign and any related fines or legal fees.

Cyber insurance can cover legal fees and expenses for financial professionals, while also providing vital resources to help recovery if they experience a cyberattack or data breach.

For example, if a tax preparer asks a client to upload a document with sensitive data online and that client data is stolen or compromised, the affected client might decide to sue the tax preparer to recoup expenses.

Cyber liability insurance can shield your business from legal expenses related to a data breach by paying for court costs and attorney fees.

Cyber insurance for real estate professionals can help pay for recovery expenses while also providing resources to help aid customers affected by data breaches and other cyber risks.

For example, a real estate agent loses a laptop containing sensitive client information. The data breach laws in their state require them to notify their customers, and they also run a PR campaign to help restore trust.

Cyber insurance provides coverage for notification costs, PR efforts, fraud monitoring services, and other related expenses.

While cyber insurance covers costs related to cyber threats, it does have a number of coverage exclusions. For example, it does not cover data loss caused by a power outage.

Other exclusions from cyber liability insurance coverage include:

Data breaches can happen for a variety of reasons. In 2025, most breaches (51%) were malicious or criminal attacks, while 26% were caused by human error and 23% by an IT failure.

Security breaches are more likely to happen when your software is out of date or when your business lacks cyber controls, such as firewalls and multi-factor authentication.

Employee training is also essential. An untrained employee might download malware, click on a link in a phishing email, or fail to install important updates.

When a data breach or cyberattack occurs at a business, cyber insurance helps pay for an incident investigation, data recovery, and other related costs. Learn more about protecting your business from ransomware attacks and other threats.

If you want to learn more about this policy, you can find additional information in our frequently asked questions about cyber insurance.

If you have any other questions, or if you'd like help finding the right insurance products for your small business, ask an Insureon agent.