5 Questions to Ask About Cyber Insurance

Know the basics before getting started

Key takeaways

  • Although the frequency and cost of cyber events are rising, many businesses question the need for cyber insurance
  • Cyber insurance can help offset recovery costs after a cyber event, and also protect policyholders against liabilities
  • Working with insurance providers and your own internal subject matter experts can help you identify appropriate cyber insurance coverage

From malware and phishing to network outages and data exposure error, it seems that not a week goes by without hearing of another cyber event. Compounding this problem is the cost of remediation, rising 10% over the past five years to $3.86 million on average.1


Despite increasing cyber events and costs, many businesses are unaware of cyber insurance. Here are answers to five key questions.

Five-year increase in Internet crime complaints

  • +165% criminal complaints
  • +180% total dollar losses

Source: 2020 Internet Crime Report, Federal Bureau of Investigation

1. What is cyber insurance?

Known alternatively as cyber risk insurance or cyber liability insurance coverage (CLIC), this insurance product is designed to help an organization mitigate risk exposure by offsetting costs involved with recovery after a cyber-related security breach or similar event.”2

2. Does business insurance cover cyber events?

Business insurance may offer a level of protection or none at all. Cyber insurance has been available since about 2005, but with cyber crime projected to cost $5.2 trillion in potential future revenue opportunities worldwide in the next five years,3 companies should reassess their current coverage, needs and risk appetites.

Average data breach cost is $3.86 million


Source: IBM Security, Cost of a Data Breach Report, 2020

3. How have security threats changed?

While beneficial to businesses, computer networks and connected devices are also expanding the threat landscape. Unapproved use of computer applications inside companies, known as Shadow IT, and employee-owned devices, such as mobile phones, create new access points for attackers. Other vulnerabilities include IOT devices and public Wi-Fi networks, all of which are entry points to your network that cyber criminals could exploit.

Vulnerabilities graphic

4. Do insurers offer different coverage types?

The cyber insurance market provides first-party coverage, which insures against the direct impact of a security breach. Insurers also offer third-party coverage to protect policyholders from claims made by others as a result of a breach.

5. What is the range of coverage?

Industry sources recommend coverage that protects against three main risk areas: privacy, information and operations. These risk areas include a range of cyber events, including network breaches, business interruption, information security and privacy liability, cyber extortion and more.

1IBM Security, Cost of a Data Breach Report, 2020.

2Kim Lindros and Ed Tittel, CIO, “What is cyber insurance and why you need it,” May 4, 2016.

3Accenture “Ninth Annual Cost of Cybercrime Study,” March 2019.