Cyber Insurance
What kind of work do you do?
Or call us at (800) 688-1984
Female computer engineer working in server room.
Choose from the nation's best insurance providers
Logos of Insureon's business insurance carrier partners

How much cyber insurance do I need?

Evaluating the risk of a cyberattack and the related costs of data recovery and legal expenses can help you determine how much cyber liability insurance your small business needs.

How does cyber insurance protect small businesses?

Cyber insurance helps your business financially survive data breaches and cyberattacks. It's also called cyber liability insurance or cybersecurity insurance.

Any small business owner with a computer and an Internet connection faces a certain level of cyber risk, as cybercriminals can target them with phishing, malware, and ransomware attacks.

A cyber insurance policy not only covers the cost of recovering from a data breach, but also provides assistance with the lawsuits that often result. Your legal expenses could include attorney’s fees, court-ordered judgments, and settlements.

Additional costs may include:

  • Business interruption insurance (or business income coverage) as you recover from the attack
  • Paying for a digital forensic investigation
  • Repairing any security weaknesses
  • Notifying any affected customers
  • Paying a ransom to unlock your data
  • Credit card and fraud monitoring services for affected customers
  • Regulatory fines from the Payment Card Industry (PCI)
  • Public relations to protect and restore your reputation

How much cyber insurance does my business need?

The amount of cyber liability coverage you need depends on your business, your industry, and the type of personal information or customer data you handle.

If your company stores personally identifiable information (PII) on its computers, you could face expensive lawsuits and government fines over stolen data. PII includes full names, Social Security numbers, driver’s license numbers, bank account information, credit card numbers, and email addresses.

Most small businesses purchase a cyber liability insurance policy with a $1 million per-occurrence limit, a $1 million aggregate limit, and a $1,000 deductible. These are the limits you'll likely be offered when you first start looking into coverage.

Data breaches cost an average of $180 per lost or stolen record of customer PII, which means this coverage limit is high enough to protect a small business that handles a few thousand records. However, customer records aren't the only thing to take into account.

A data breach costs a business an average of $180 per lost or stolen record of customer PII.

What others factors can impact the amount of coverage needed?

Costs can vary depending on other factors, such as:

  • Data sensitivity
  • Industry regulations
  • Potential losses
  • Cybersecurity practices
  • Company size

The risk is especially high for healthcare facilities and other businesses that handle medical records and other protected health information. This falls under the Health Insurance Portability and Accountability Act (HIPAA), which sets national standards for protecting personal information and reporting compromised data. HIPAA violations can result in hefty fines.

Some carriers offer a risk assessment for your business when you buy cyber insurance. This isn't only to determine your premium, but also to help you avoid costly cyber incidents—which is the best scenario for both you and your insurer.

They'll often recommend steps you can take to mitigate your risks and lower your premium. You might also gain access to cybersecurity tools, such as systems monitoring and automated alerts.

If your company handles data that may put it at higher risk, purchasing a cybersecurity policy with higher coverage limits may be a smart option. Many policies have a maximum coverage limit of $5 million, but you can discuss your need for more coverage with your insurance agent or provider.

Get free cyber insurance quotes for your business
Small business owner looking for insurance quotes on their tablet.

What do cyber insurance coverage limits mean?

As with most types of business insurance, cyber liability insurance policies have two limits:

  • Per-occurrence limit: The maximum amount that your insurance company will pay for a single incident under the terms of your policy.
  • Aggregate limit: The most your provider will pay for all claims during a policy period, which is usually one year.

What are the types of cyber insurance coverage? 

There are two types of cyber insurance coverage: first-party and third-party coverage.

  • First-party cyber insurance, also known as data breach insurance, protects against the direct impact of a data breach or cyberattack on your business. This includes recovering data, notifying customers, and providing credit monitoring services for affected customers.
  • Third-party cyber insurance addresses legal costs if a client experiences a data breach and sues your business for failing to prevent it.

From retailers to restaurants, every business that stores sensitive information should invest in first-party coverage. Third-party coverage is primarily for tech professionals, such as IT consultants and network security experts who could be held responsible for a data breach at a client's business.

Both types of cyber insurance cover a wide range of expenses, such as contingent business interruption, cybercrime investigations, crisis management, and cyber extortion. However, only third-party coverage pays for your legal fees in the event of a lawsuit.

How much does cyber insurance cost?

A small business owner calculating their cyber liability costs

Your cyber insurance premium depends on a number of factors, primarily the amount of PII stored by your business and your annual revenue.

The average cost of cyber insurance is $145 per month for Insureon customers.

Cybersecurity and information technology companies tend to pay more, as they need third-party coverage in case a client blames them for a security breach.

What our customers are saying

What are common requirements for cybersecurity insurance?

While every company can apply for cyber insurance, you do need to comply with your insurance company's requirements to qualify. An insurance carrier won't extend coverage to a company that hasn't taken basic precautions against vulnerabilities, as there's a high chance they'll end up paying for a claim.

Here are a few cybersecurity measures your provider might ask you to implement:

  • Multi-factor authentication (MFA): This means entering two unique identifiers, such as a password and a texted code, to log into secure systems.
  • Security training: Employees should be trained to recognize cyber threats, including social engineering attacks like phishing, and receive instructions for best practices from automatic screen locking to strong passwords.
  • Data backup: Your company's important data should be encrypted and backed up regularly to a separate network to protect it from accidents and hackers.
  • Endpoint detection and response (EDR): This involves monitoring your employees' devices to make sure software is kept up to date and to identify risky behavior.

How much cyber insurance do independent contractors need?

As with any business, the amount of cyber insurance that independent contractors need depends on the amount of data they need to protect. It also depends on the risks associated with their work, such as maintaining a database of customer information, or recommending software to clients.

While it’s not likely that an independent contractor would need first-party cyber coverage, they might need third-party cyber insurance to protect themselves from lawsuits. This is especially true if a client deals with PII, such as medical records.

In fact, some clients that handle sensitive data require their contractors to have third-party liability coverage to assure them that the contractor can pay for a cyber liability lawsuit if their work results in a data breach. Client contracts most often require a $1 million per-occurrence limit.

In today’s litigious society, a contractor could face expensive legal defense costs after a data breach, even if they were not at fault.

You may also like
Man in suit hands over notice of lawsuit.
How to avoid getting sued for a data breach
When businesses experience a data breach, they may blame their IT professionals and sue. Here’s how your IT company can avoid these costly lawsuits.
Go to articleforward arrow

How much cyber insurance should your clients have?

If your clients handle sensitive data, you may want assurance that they can handle a lawsuit or other data breach costs. It may be wise to encourage your clients to purchase cyber liability insurance, or even require it before you take on a risky project.

If you require that a client purchase cyber insurance in a work contract, you can specify the amount of coverage. This way, if a data breach occurs, you can potentially avoid legal costs by ensuring that your clients have the means to cover the cost of a data breach themselves.

Can you add cyber coverage to an existing business insurance policy?

You can often add first-party cyber coverage to general liability insurance or a business owner’s policy (BOP). A BOP combines general liability and commercial property insurance under one policy, usually at a lower cost than if both policies were purchased separately.

Third-party cyber insurance is often included in errors and omissions insurance (E&O). In the IT field, this bundle is also known as technology errors and omissions insurance, or tech E&O.

Cyber insurance doesn't cover every risk—which is why you need additional policies. It also has several exclusions, such as third-party mechanical failure, blackouts, and damage to tangible property that results in lost data.

Here's a quick summary of other top policies to consider for a strong risk management plan:

  • General liability insurance pays for legal costs in the event of a customer lawsuit stemming from an injury or damaged property.
  • Commercial property insurance covers your building and everything in it, such as computers, equipment, and furnishings. It pays for financial losses from fires, storms, and theft.
  • E&O insurance covers the cost of a lawsuit if a client accuses you of failing to deliver on a contract or making a mistake. It's also called professional liability insurance.
  • Electronic data liability coverage covers physical damage that causes lost data, such as computer systems damaged by a power surge.
You may also like
Server room with cybersecurity padlock
Why do cyber insurance claims cost so much?
There has never been a greater risk of cyberattacks against small businesses, and the costs have never been higher. Learn why cyber insurance claims are so expensive, and how cyber liability insurance can help protect your business.
Go to articleforward arrow

Find quotes from trusted insurance companies with Insureon

Complete Insureon’s easy online application today to compare quotes from top-rated insurance carriers for cyber policies. A licensed insurance agent will help you explore your options and find the best insurance solutions for your business needs. Once you find the right policy for your small business, you can begin coverage in less than 24 hours.

Updated: April 2, 2025

Find cyber insurance quotes

Save money by comparing insurance quotes from multiple carriers.
EXPLORE ON INSUREON
Electronic data processing insuranceHow to prevent a data breach at your businessWhy pen testing is key to cyber insurance eligibilityState data breach notification laws and requirementsDoes your cyber insurance have business interruption coverage?What information is needed for a cyber insurance application?