What Is Cyber Liability Insurance and Do You Need It?

Cyber liability insurance is a newly developed way to protect businesses and individuals from cyber crime. Essentially, cyber liability insurance covers the costs that have been caused by a data breach, a virus, or any other cyber attack.  

It can also cover legal claims resulting from the breach and is a great insurance policy to have for businesses and individuals who store sensitive data on a cloud or electronic device. 

In 2018, businesses experienced a total of 571 breaches which exposed over 415 million customer and employee records. In fact, business breaches accounted for about 46% of all breaches. 

You have probably heard of large companies and corporations being exposed to cyber attacks, but this doesn’t mean that smaller businesses don’t have to deal with them. In fact, smaller businesses may be at an ever greater risk of cyber attacks because they don’t have the same funds as large companies do to protect their data and sensitive information. 

Most small businesses don’t have large IT departments or staff whose job is to specifically focus on data security and prevention of breaches. These attacks can happen for many reasons, including data gathering, blackmail, doxing, and financial and idea theft. 

Cyber liability insurance comes at a very affordable price for small businesses, and yet it can mean the difference between staying in business and being exposed to crime, blackmail, lawsuits, and disgruntled employees and customers. 

Cyber Liability Insurance coverage, who needs it? 

The short answer is: anyone with sensitive data on a cloud or a mobile device. 

However, it is usually businesses that choose to get cyber liability insurance because they have a lot at stake and many people would be affected by the data breach. For these businesses, it is recommended that they have stand-alone or enhanced cyber liability insurance instead of the regular monthly service.  

This refers to businesses that store personally identifiable information (PII) for employees or customers. PII covers any data that can be used to identify an individual and cause them harm, including: 

  • Name 
  • Birth data 
  • Home address 
  • Bank information 
  • Email address 
  • Credit card information 
  • Social security number 

How Does A Cyber Attack Occur? 

A cyber breach can occur in numerous ways. Over the years, it has become more advanced and much more difficult to detect, which makes it difficult for everyone involved to stay protected. 

For example, phishing emails still remain one of the most common ways to start a cyber attack. Essentially, the hackers will create an email and even a website that looks exactly like the one for your company.  

For employees who have many tasks to do during their work time, it won’t be easy to detect that the email or the website is a scam since they may not check the sender or the URL of the website every time they access it. 

By clicking on links in the email, the hacker is able to automatically download a virus or ransomware to corrupt data files and complete the cyber attack. Unfortunately, blackmail or ransom are the most common requests from hackers to return the files, or at least to not publish them for the world to see. 

Protection you need in case a cyber attack happens 

The best way to protect yourself from cybercrime is to be aware of its presence. You need to create strong internal safeguards that will help you to keep your data safe. 

For example, if you’re a small business owner, you need to limit the access to PII to only a limited number of people in the organization. All of your passwords need to be strong and only given to the people who truly need to use them.  

Make sure that you also have access to different software tools, and you should regularly update both your passwords and your software. 

According to Brain Gill, 

“Security should be the number one boardroom agenda of any business. Technical and physical safeguards should be in place. Insurance coverage is an added layer of protection which enables the business to call upon the insurer in their moment of need.” 

What Is Covered? 

The specifics of what is covered by cyber liability largely varies depending on the insurer that you are purchasing your insurance from. There is no such thing as general or standard cyber liability insurance because each insurer has their own services and their own level of security that they can provide to customers. 

Cyber liability insurance has been available for decades and it has improved a lot over the years. However, you should still pay attention when purchasing your insurance plan because you need to make sure it is in line with your business and the kind of data you need to protect. 

In general, there are two types of coverage for you to choose from: 

First-party coverage 

This coverage includes financial support for immediate expenses that occur immediately after a cyber breach. This includes: 

  • The cost of notifying the employees and public that were affected 
  • Repairing any damaged software or hardware that was lost in the process 
  • Protecting the company’s reputation through public relations and marketing 
  • Any business interruption costs that may have happened 
  • Extortion money 
  • Any other ancillary costs 

Third-party Coverage 

This coverage is specifically designed to help the company finance any lawsuits and legal claims. This includes: 

  • Privacy lawsuits that will seek compensation for breach of customer or employee information 
  • Any fines that may occur from regulatory bodies 
  • Media liability claims such as copyright or slander 
  • Breach of contract or negligence claims 

Aside from the regular first- and third-party coverage, some companies will also include more personalized coverage that suits the business. For example, they may provide mitigation services that will help you to recognize any weak security points in your company as well as identify the possibility of cyber attacks before they actually happen. 

What Is Not Covered? 

Cyber liability insurance isn’t the only coverage that you will ever need in the sense that it doesn’t cover every single type of damage that may happen after a cyber breach. Read your insurance policy very carefully before signing it so you know exactly what you are and are not protected from. 

Usually, cyber liability insurance doesn’t include the following: 

  • Any bodily injury or property damage 
  • Criminal activity in the form of fraud and employee theft 
  • Any loss of property that may happen 

When you purchase any cyber liability policy, you will still need to make sure that you are keeping your own security measures in place. You cannot expect the insurer to cover expenses that could have been prevented had you formed at least a basic security plan for your business. 

For example, if you don’t install any anti-malware on your computers, the insurer will not cover for any damages if an employee accidently clicks on an email link that will install malware. In cases like this one, the insurance company will probably deny any coverage. 

How Much Does Cyber Liability Insurance Cost? 

Typically, cyber liability insurance can cost from as little as $500 per year to $50,000 or more per year. It really depends on the kind of insurance plan you purchase, how big your company is, how many different aspects of cyber crime you want to protect, and how well protected you already are. 

The more complex your coverage is, the more expensive it will be. On the other hand, limiting data access to only a small number of people could actually save you money. By limiting data access, you are showing the insurer that although you need their coverage, the likelihood of you being the victim of a cyber attack is small. 

Similarly, if you’ve already had many data breaches in the past and have not shown a high care for your servers and the private data that they hold, your coverage will almost always be more expensive. 


Even though it has come a long way in recent years, cyber liability insurance is still an evolving area of insurance. There is not as much clarity around the coverage as you would find, for example, in a coverage for house insurance. 

That’s why it’s even more important for you to do your own research and be sure that you read every insurance contract you receive in great detail. It may even be a good idea to request the help of a lawyer to explain any complex terminology in the contract so that you are not surprised should the worst happen. 

The coverage examples described here are hypothetical claim scenarios and are intended to show the types of situations that may result in claims. These scenarios are not based on actual claims and should not be compared to an actual claim. Whether or to what extent a particular loss is covered depends on the facts and circumstances of the loss, the terms and conditions of the policy as issued and applicable law.