Cyber Week Sale! 50% Off All Access

How to Determine If Cyber Insurance Coverage Is Right for You Cyber crime and website shutdowns pose a serious threat to many businesses. Here's a guide to buying coverage for digital disasters.

By Riva Richmond

Opinions expressed by Entrepreneur contributors are their own.

How to Determine if Cyber Insurance Coverage is Right for You

Standard business liability insurance can cover misfortunes such as missing computer equipment or a storm-wrecked office. But would it help you survive the loss or theft of valuable company data inside your computers, a website shutdown from a power failure or hacker attack, or a false-claims accusation triggered by an edgy Twitter post? Probably not.

If you possess valuable data -- especially regulated personal, financial or medical information about consumers – you might want to consider adding "privacy" coverage for the potentially onerous costs of a data breach. If you would struggle to survive an extended website or computer-network shutdown, you may need network-security coverage. And if you host online discussions and risk libel or false-claim accusations, media coverage may be prudent.

Cyber insurance also can help boost your business by giving customers and business partners more confidence in you. Some partners may even require it. Julia Claire Shapiro, cofounder of Hire an Esquire, a Philadelphia-based online matchmaking service for freelance lawyers, recently purchased cyber insurance primarily to soothe "tech-phobic" decision makers at the law firms she serves. Shapiro bundled cyber coverage with professional and general liability insurance and paid almost nothing extra.

"When we show them in our pitch that we are insured by Lloyds of London, their faces kind of soften," she says.

Of course, cyber insurance isn't for everyone. As with all insurance purchases, it's important to weigh the hazards you face, your appetite for risk and premium costs. Finding the right policy can be tricky in this booming but immature area of insurance, where many agents and brokers lack experience. Here's a roadmap for finding your way.

Related: Keeping Passwords Out of the Hands of Hackers

Assess your financial risk.
Take a hard look at your business, your data and how valuable it is, and what costs you might incur if things go wrong. If absorbing the losses could wipe you out, you're a good candidate for insurance.

Andrew Schrage, co-owner of Money Crashers, a personal finance blog, weighed these factors and decided not to buy cyber insurance. The chances of a security breach appeared slim. "And even if one took place, the fallout wouldn't be that difficult to manage," he says. "Most of the information stored on our servers is fairly innocuous, and the potential for lawsuits in the aftermath of a breach is practically nonexistent."

But a company that stores private consumer data aggressively sought by identity thieves might make a different calculation. A study of insurance-claims data for 117 privacy breaches found that the average cost is $5 per lost customer record, with a typical breach exposing 100,000 records, according to NetDiligence, a security risk assessment firm in Gladwyne, Pa. The cost includes legal defenses and settlements; crisis response, including required customer notifications; and business-interruption costs and fines. The study did not consider hard-to-measure costs such as lost business opportunities.

A free tool from the nonprofit American National Standards Institute can help you value your data and potential liability -- and the amount of insurance you may need. Although designed for healthcare organizations, it can work for any business that handles sensitive data, says Jeremy Henley, insurance solutions executive at ID Experts, a Portland, Ore., breach prevention and response company. "You would put a value on your building or your trucks," he says. "But when it comes to your data, it's hard to do that."

Related: Free Tools for Improving Online Security

Evaluate your security posture.
To manage risk, insurance carriers require policyholders to take reasonable steps to protect their businesses. Large companies have to jump through many hoops to prove this, but most small businesses can answer a simple questionnaire about their operations and existing security measures, says Todd B. Ruback, a Warren, N.J.-based privacy attorney.

An insurer may require you to make improvements, whether by putting additional security technologies in place or training employees to handle private information safely. Improving your security posture can lower your premium payment. Some carriers have web portals providing free security advice, free services like privacy training, or discounted products and services to help get you in shape, Ruback says.

Weigh insurance options.
With more than 30 cyber insurance carriers with different types of policies and prices, comparing them all can be daunting, says Rick Betterley, publisher of The Betterley Report and a cyber insurance market survey. A cyber add-on to an existing liability policy might cost $300 a year while a separate policy could cost $1,000 or several multiples of that, he says. The most affordable route may be a rider for your existing general liability policy, but be sure you are getting the necessary level of coverage.

Well-known carriers that insure companies of all sizes include Chartis and Chubb, while carriers that specialize in serving smaller companies include Ace and CNA, Betterley says.

When investigating separate cyber policies, start with a clear vision of the coverage you need, find a knowledgeable broker who can guide you, get multiple quotes and look to carriers with a track record with small companies and your industry.

Related: 7 Tips for Upgrading IT Security

Riva Richmond is a freelance journalist who has covered technology for more than a decade. She focuses on computer security, privacy, social networking and online business and has written for The New York Times, The Wall Street Journal and other national publications. Previously, Riva was a technology reporter at Dow Jones Newswires and regular contributor to The Journal's "Enterprise" small business column.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Side Hustle

'I Just Hustled': She Earned More Than $300,000 Wrapping Gifts Last Year — and It All Started With a Side Hustle

When Michelle Hensley lost her husband to cancer, she needed to figure out how to earn an income for her family.

Growing a Business

This Breakthrough Technology is Poised to Accelerate Your Company's Growth

Discover a breakthrough technology stacked on top of generative AI, now poised to revolutionize businesses across nearly every sector. Unlock unprecedented growth and profitability potential, achieving levels once thought unattainable.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Science & Technology

You Have 1 Month Left to Prepare for These 5 AI-Powered Marketing Changes — Act Now Before It's Too Late.

Big changes in 2025 will redefine marketing as AI evolves rapidly, offering growth opportunities but also risks. Learn how to stay ahead in this week's video, covering new search platforms and avoiding over-automation.

Business News

Google CEO Sundar Pichai Says 'You'll Be Surprised' By How Google Search Changes Next Year

AI has already changed the look of search, but Google's CEO says there are more changes to come.