Get All Access for $5/mo

How to Determine If Cyber Insurance Coverage Is Right for You Cyber crime and website shutdowns pose a serious threat to many businesses. Here's a guide to buying coverage for digital disasters.

By Riva Richmond

Opinions expressed by Entrepreneur contributors are their own.

How to Determine if Cyber Insurance Coverage is Right for You

Standard business liability insurance can cover misfortunes such as missing computer equipment or a storm-wrecked office. But would it help you survive the loss or theft of valuable company data inside your computers, a website shutdown from a power failure or hacker attack, or a false-claims accusation triggered by an edgy Twitter post? Probably not.

If you possess valuable data -- especially regulated personal, financial or medical information about consumers – you might want to consider adding "privacy" coverage for the potentially onerous costs of a data breach. If you would struggle to survive an extended website or computer-network shutdown, you may need network-security coverage. And if you host online discussions and risk libel or false-claim accusations, media coverage may be prudent.

Cyber insurance also can help boost your business by giving customers and business partners more confidence in you. Some partners may even require it. Julia Claire Shapiro, cofounder of Hire an Esquire, a Philadelphia-based online matchmaking service for freelance lawyers, recently purchased cyber insurance primarily to soothe "tech-phobic" decision makers at the law firms she serves. Shapiro bundled cyber coverage with professional and general liability insurance and paid almost nothing extra.

"When we show them in our pitch that we are insured by Lloyds of London, their faces kind of soften," she says.

Of course, cyber insurance isn't for everyone. As with all insurance purchases, it's important to weigh the hazards you face, your appetite for risk and premium costs. Finding the right policy can be tricky in this booming but immature area of insurance, where many agents and brokers lack experience. Here's a roadmap for finding your way.

Related: Keeping Passwords Out of the Hands of Hackers

Assess your financial risk.
Take a hard look at your business, your data and how valuable it is, and what costs you might incur if things go wrong. If absorbing the losses could wipe you out, you're a good candidate for insurance.

Andrew Schrage, co-owner of Money Crashers, a personal finance blog, weighed these factors and decided not to buy cyber insurance. The chances of a security breach appeared slim. "And even if one took place, the fallout wouldn't be that difficult to manage," he says. "Most of the information stored on our servers is fairly innocuous, and the potential for lawsuits in the aftermath of a breach is practically nonexistent."

But a company that stores private consumer data aggressively sought by identity thieves might make a different calculation. A study of insurance-claims data for 117 privacy breaches found that the average cost is $5 per lost customer record, with a typical breach exposing 100,000 records, according to NetDiligence, a security risk assessment firm in Gladwyne, Pa. The cost includes legal defenses and settlements; crisis response, including required customer notifications; and business-interruption costs and fines. The study did not consider hard-to-measure costs such as lost business opportunities.

A free tool from the nonprofit American National Standards Institute can help you value your data and potential liability -- and the amount of insurance you may need. Although designed for healthcare organizations, it can work for any business that handles sensitive data, says Jeremy Henley, insurance solutions executive at ID Experts, a Portland, Ore., breach prevention and response company. "You would put a value on your building or your trucks," he says. "But when it comes to your data, it's hard to do that."

Related: Free Tools for Improving Online Security

Evaluate your security posture.
To manage risk, insurance carriers require policyholders to take reasonable steps to protect their businesses. Large companies have to jump through many hoops to prove this, but most small businesses can answer a simple questionnaire about their operations and existing security measures, says Todd B. Ruback, a Warren, N.J.-based privacy attorney.

An insurer may require you to make improvements, whether by putting additional security technologies in place or training employees to handle private information safely. Improving your security posture can lower your premium payment. Some carriers have web portals providing free security advice, free services like privacy training, or discounted products and services to help get you in shape, Ruback says.

Weigh insurance options.
With more than 30 cyber insurance carriers with different types of policies and prices, comparing them all can be daunting, says Rick Betterley, publisher of The Betterley Report and a cyber insurance market survey. A cyber add-on to an existing liability policy might cost $300 a year while a separate policy could cost $1,000 or several multiples of that, he says. The most affordable route may be a rider for your existing general liability policy, but be sure you are getting the necessary level of coverage.

Well-known carriers that insure companies of all sizes include Chartis and Chubb, while carriers that specialize in serving smaller companies include Ace and CNA, Betterley says.

When investigating separate cyber policies, start with a clear vision of the coverage you need, find a knowledgeable broker who can guide you, get multiple quotes and look to carriers with a track record with small companies and your industry.

Related: 7 Tips for Upgrading IT Security

Riva Richmond is a freelance journalist who has covered technology for more than a decade. She focuses on computer security, privacy, social networking and online business and has written for The New York Times, The Wall Street Journal and other national publications. Previously, Riva was a technology reporter at Dow Jones Newswires and regular contributor to The Journal's "Enterprise" small business column.

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Starting a Business

I Left the Corporate World to Start a Chicken Coop Business — Here Are 3 Valuable Lessons I Learned Along the Way

Board meetings were traded for barnyards as a thriving new venture hatched.

Side Hustle

'The Work Just Fills My Soul': She Turned Her Creative Side Hustle Into a 6-Figure 'Dream' Business

Kayla Valerio, owner of vivid hair salon Haus of Color, transformed her passion into a lucrative venture.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.


ChatGPT is Becoming More Human-Like. Here's How The Tool is Getting Smarter at Replicating Your Voice, Brand and Personality.

AI can be instrumental in building your brand and boosting awareness, but the right approach is critical. A custom GPT delivers tailored collateral based on your ethos, personality and unique positioning factors.

Business News

Is the AI Industry Consolidating? Hugging Face CEO Says More AI Entrepreneurs Are Looking to Be Acquired

Clément Delangue, the CEO of Hugging Face, a $4.5 billion startup, says he gets at least 10 acquisition requests a week and it's "increased quite a lot."

Business News

Apple Reportedly Isn't Paying OpenAI to Use ChatGPT in iPhones

The next big iPhone update brings ChatGPT directly to Apple devices.