Do You Know What Cyber Insurance Covers (and Why You Need It)?

Reasons to hack your business can range from simply proving it’s possible to acquire a ransom. The dark web is rife with sensitive data for sale, including Social Security numbers and company trade secrets. It’s also a place to score malware starter kits or ways to exploit vulnerable code. While many known hacks are reported, it’s difficult to quantify how many go unnoticed.

Smaller businesses often believe they fly safely under the radar when it comes to data protection and risk management. But the statistics show that small and midsized businesses are the most vulnerable to cyberattacks simply because they’re smaller and easy targets. Other businesses assume their data isn’t attractive to hackers since they don’t track Social Security numbers or store credit card data. This is also an incorrect assumption. In the cyber underworld, any data is valuable, and it’s often used to design more intelligent (and profitable) social engineering scams.

One thing’s for sure: Cyber liability insurance is a necessary part of risk management and shouldn’t be viewed as merely an option.

What does cyber liability insurance cover?

Some insurance companies distinguish between cyber liability and data breach insurance. Usually, the difference has to do with the size of the business, if there’s any difference at all. “Cyber liability” is generally a term used for larger companies, and “data breach” is often used for small and midsized companies. Cyber liability and data breach insurance aren’t standardized the way property and auto policies are. Most cyber insurance uses a customized approach to coverage — a collection of endorsements specifically tailored around your coverage needs.

Cyber liability insurance often covers costs relating to:

  • Lost income caused by a cyberattack
  • Customer notification of a data breach
  • Reputational damage and public relations support
  • Legal defense related to a breach
  • Civil damages and settlement awards
  • Repairing damage to computer systems and networks
  • Free credit monitoring for affected customers
  • Recovering encrypted data
  • Cyber extortion and ransom demands, as well as ransom negotiations
  • State and federal fines and penalties
  • Extortions paid to recover locked files in a ransomware attack
  • Computer fraud
  • Loss of transferred funds
  • Loss of revenue and business interruption due to a cyberattack
  • Dependent business interruption system failures
  • System failures of outsourced providers
  • Strengthening and improving your system to make it more resistant to a future breach (this may be called “betterments” coverage)

Your agent will help you identify your unique risks and find a cyber liability policy that fits your needs and budget.

Keep in mind that most of these coverages exclude employees and contractors. (For that, you’ll need employee theft coverage.)

Your agent can help with the moving parts

Cyber liability insurance responds to many interrelated moving parts, and the policies themselves can get just as complicated.

But how do you know what you need to cover if you’re unclear on the exposure and terminology?

Coverage to ask your agent about

Many cyber insurance policies are a mix and match of coverages based on specific risks (aka a per-insuring agreement). Your agent can help you insure the gaps in your cybersecurity plan by:

  • Taking time to understand your business operations and data liability
  • Narrowing down the type of cyber coverage that works best for your risk areas
  • Explaining the cyber questionnaire required by the insurance company
  • Matching you with the best cyber policy for your risk level
  • Presenting you with a quote to fit your budget
  • Explaining the details of the coverage and answering any questions you may have

Below are some common cyber policy options. Check with your agent about the ones that are included in your general policy and the ones you’ll need to add on.

Cyber liability coverage option:What it’s for:
Forensic investigations


Costs related to computer forensic analysis.

Forensics can reconstruct how a data breach occurred, identify the stolen data and assist with restoration. (Data reconstruction might also be a separate endorsement, so check with your agent.)

Litigation (defense) expensesDefense costs related to the data breach.

Check the limits and the wording on this one. Legal bills might exhaust your coverage before your claim completes. You might want to get excess or umbrella coverage.

Regulatory defense expenses or finesExpenses associated with state or federal laws.

You might have to defend yourself in civil court and pay fines or penalties for non-compliance with existing data protection rules (like the Consumer Data and Privacy Security Act).

Cyber event response coachingProactive consultation.

Depending on the policy, you might get free, proactive advice from a data response coach (usually a lawyer) on compliance and security to prevent a breach. Check with your agent about this valuable coverage.

Crisis management or reputational damagePublic relations and customer notification.

You’ll incur costs to notify customers about the breach. You’ll also have to pay for free credit monitoring services and release statements about how you’re handling the incident and the steps you’re taking to prevent a future breach. You’ll probably need a company to do these things for you. (Some policies have a complimentary service, while others reimburse your expenses.)

Business interruption and lossesLost business due to a security breach.

If a malignant hacker takes down your website or ordering system, your clients (and vendors) won’t be able to do business with you. Depending on the hack, you could lose weeks of revenue while restoring your systems.

Cyber extortion or ransom demandNegotiations.

If a nefarious hacker locks you out of your network and your data is encrypted, you’ll need help negotiating the demands. (Think about losing the use of your email, client resource manager, website, e-commerce, proprietary data, ordering systems, fleet tracking or GPS.)

BettermentsUpgrade after an attack.

A betterments endorsement can help offset the cost of replacing hardware or software after a covered data breach. After the attack, you’ll probably need the upgrades to correct any vulnerabilities. You might even be required to make the upgrades as part of your claim settlement.

Post-breach first partyHelps when your system is breached.

It can help with data restoration, client notification, and forensic analysis (for proof of the attack and how it happened).

Post-breach third partyHelps when your client’s system is breached and they sue you for it.

It can help with legal defense costs or forensic analysis to prove (hopefully!) you weren’t the weak link that caused the breach. It’s an asset to freelancers and businesses working inside their clients’ systems.

Extended reporting period (ERP)Extends the dates of coverage for reported claims.

An ERP allows you to extend the dates that your insurance coverage will respond to a claim reported. It can be useful if you think you might have a claim reported against you after your policy has ended.

Claims-made basisClaims are covered only if the claim is reported within the dates of the policy.

A claims-made policy covers claims reported during the policy period or within the ERP. Check the declarations page of your policy for coverage dates and any extensions.

Per-occurrence basisClaims are covered based on the date of the event.

Per occurrence covers incidents that occur during the active policy dates, even if they’re reported years later. It’s unusual for a cyber policy to be on a per-occurrence basis.

Defense within limitsLegal defense costs and retainer fees are applied to the policy limits and reduce the overall funds available for coverage.

If you have $750,000 in cyber liability coverage and spend $650,000 on legal costs, you’ll only have $100,000 left for future expenses (like settlement fees, credit monitoring, fines or data recovery). Ask about separating defense costs from the rest of your cyber policy or ask about an umbrella or excess insurance policy.