Cost of Cyber Insurance – Cost Drivers and Cost Minimizers

red lock on a computer keyboard

Cyber liability insurance is one of the bargains of the insurance industry. Like an umbrella policy, it provides broad coverage at a low cost. Most importantly, you don’t want a cyber claim covered by other liability policies.

The cost of cyber insurance depends on a number of factors, some that you can control and some that you can’t. Many businesses can find a policy with a yearly premium between $500 and $1,000. Not a bad deal compared to $1.7M – the average cost of a cyberattack. And it doesn’t erode the limits of your professional liability insurance or increase the premiums in the event of a claim.

According to the Securities and Exchange Commission, “It has been estimated that half of the small businesses that suffer a cyberattack go out of business within six months as a result.” Without the protection cyber insurance offers, your business could be left in ruin.

How cyber insurance policies protect you

A cybersecurity insurance policy can protect your firm against financial losses, expenses related to an attack, fines, or other losses from hacking or email phishing scams. All policies will differ from carrier to carrier, but without cyber insurance, you could be left in the wake of loss or damage to electronic data, computer fraud, viruses blocking access to your data, denial of service (DOS), extortion, loss of income or extra expenses, lawsuits against you for libel or defamation, notification costs, regulatory fines, and/or damage to your firm’s reputation.

What influences the cost?

The cost of cyber liability insurance varies depending on your industry, the type of data you store, annual revenue, and coverage limits needed. It ultimately comes down to how much risk your business has.

The more prepared your firm is for an attack, the cheaper your policy will be. It is important that each business has coverage that fits their specific needs and vulnerabilities. To begin quantifying your risk, start with these questions:

Have you implemented a security plan in the case of a breach? How much is each record you keep worth? How much would you lose if your entire system were compromised? What would happen if one of your employees stole all your company files? What risks does your firm face with each new client and each new case? Do you only store personal information, or do you also store payment information? Where is your information saved? How many records with sensitive data does your company store?

Quantifying your risk may sound hard, but it’s not. In fact, you can do a reasonable self-assessment in less than an hour.

Cyber liability self-assessment

Ways to minimize the cost of cyber liability insurance

Keep in mind though, there are many other things you can do to minimize the cost of cyber insurance.

Any cyber liability insurance policy quote is based on the answers to questions on the application. The better the firm is protected, and the more training provided to employees, the less the policy will cost.

The questions vary from carrier to carrier, but this is the type of information you can expect to provide when considering cyber liability insurance:

  1. Does your firm use laptops? Are they password protected?
  2. Are physical security procedures in place to control access to your computer systems?
  3. Are written network security and privacy policies in place?
  4. Do you have the most current version, updates and patches of firewall, anti-virus, anti-spyware and software?
  5. Are data backups of your computer systems performed a minimum of every 72 hours?
  6. Are formal procedures in place to report and respond to unauthorized attempts to access your systems?
  7. Is there a written document retention and destruction policy in place for employees?
  8. Do your firm’s practices include continuing education and training programs for risk management?

Choosing specific coverages

Other factors that can drive up or bring down the cost are what coverages you choose. When looking at a cyber policy, you will want to know exactly what the policy offers – Are both first-party and third-party coverages included? What types of events are covered? How will the carrier respond to certain occurrences?

Are these coverages important to the protection of your firm?

  • Network security coverage – covers the insured against breaches to the network, including viruses, the blocking of services, or unauthorized access.
  • Financial support – covers some of your lost business.
  • First responder service – covers costs associated with notifying and communicating with clients affected by the breach.
  • Legal costs – covers legal expenses and lawsuits that stem from the cyberattack.
  • Cyber extortion loss – covers costs related to dealing with and responding to extortion threats.
  • Enterprise liability coverage – covers the insured for failing to prevent the theft or the crime.
  • Crisis management loss – covers notification expenses, credit monitoring and public relations assistance.
  • Media liability coverage – covers exposure from the insured’s website, including copyright infringement, slander, defamation and libel.
  • Data loss – covers the firm’s costs associated with replacing or restoring data that was lost in a breach.
  • Privacy liability coverage – covers costs related to crisis management and notifying the affected parties of the breach for losses related to failing to protect clients’ personally identifiable information.

How a stand-alone cyber policy supplements professional liability coverage

Say you already have a professional liability policy. Isn’t that enough? The danger is that it may not cover everything from a cyberattack. Even if the claim were covered, the firm’s professional liability limits could be exhausted by the claim. According to the American Bar Association, “one in four law firms has had their information hacked”, so it might not be the best idea to depend on your firm’s professional liability policy to cover you in the case of a cyberattack. Doing so limits the amount of coverage you have available for future professional liability claims.

Worth every penny

Every business that works with sensitive data should take the time to evaluate their security risks and consider purchasing a cybersecurity insurance policy. According to a 2019 study by IBM and The Ponemon Institute, the average cost per record lost in an attack is $150, and the average cost of a data breach is $3.9 million. They also found the average time to identify and contain a breach is 279 days. Think about how many records could be lost in that amount of time… then multiply that by $150 per record. That number is far greater than what a cyber insurance premium will cost you.

Now that you know more about the factors affecting cyber policy costs, you can speak more confidently to an agent about your firm’s specific security vulnerabilities, and choose the coverages needed to protect against a cyberattack.

More Articles

View All Articles

Cyber Liability vs. Data Breach Insurance: Key Differences to Know Before You Buy

Understanding the key differences between Data Breach Insurance and Cyber Liability Insurance can help you make smarter, more confident decisions. Whether you're considering standalone policies or filling gaps in your current coverage, knowing what each policy offers is important to choosing the protection that is most suited for you and your business.

Defending Against Ransomware Attacks Today

Explore the history of ransomware attacks, the tactics used today, and the proactive measures you can take to protect your law firm from this growing cyber threat.

CTA-Background-Cyber001.jpg

Request a Cyber Liability Estimate

If you own a business, you are a target. Cybercriminals are vicious, and no one is immune.

Protect your law firm and your clients with Cyber Liability Insurance.