Cyber security insurance protects businesses against losses related to data breaches, malware and other attacks from bad actors. The best cyber insurance is designed to meet the specific needs of a business and provide adequate financial protection at a reasonable cost. In this article, we’ll explore some of the best insurance companies for cyber coverage and show you how to choose the right cyber insurance provider for your business.
Our Top Picks for Best Cyber Insurance
- Hiscox: Best for Startup Businesses
- Zurich North America: Best for Midsize Businesses
- Chubb: Best for Enterprises
- Travelers: Best Cyber Liability Coverage
- The Hartford: Best for High Policy Limits
Best Cyber Insurance Reviews
Why we chose it: Hiscox caters specifically to small businesses and covers essential costs for startups, such as data breaches, data recovery, cyberextortion and cybercrime at an affordable price.
- Affordable price
- Positive reviews
- $2 million coverage may not be adequate if your company scales
Hiscox cyber insurance policies cover data recovery, business interruption, cyber extortion costs and more. Cyber insurance premiums for startups vary depending on factors such as the type of business, the size of the business and the level of coverage needed. However, Hiscox is generally known for offering affordable rates for its cyber insurance policies. While you can’t see the prices for cyber insurance on Hiscox’s website, the company’s general liability insurance coverage is reportedly lower than many competitors.
This company requires a minimum of $1 million in general liability coverage for most of its contracts. Hiscox can provide up to $2 million in cyber coverage, which is a suitable amount of protection for most small businesses. However, this may be a disadvantage if your business needs to scale quickly. In that case, $2 million might not be enough, and a cyber insurance company for mid-sized businesses may better serve you.
Hiscox has a good reputation on Trustpilot, with 3.7 out of 5 stars based on 894 reviews. Reviews highlight the user-friendly platform, while complaints target the quality of customer service.
Why we chose it: Zurich offers coverage up to $25 million, which is more than enough for most small- and mid-size businesses. Zurich has provided cyber insurance for over 10 years, making it one of the most experienced firms on the market.
- Coverage of up to $25 million
- Extensive coverage
- Option to hire additional cybersecurity consulting services
- Negative online reviews
- Many online complaints focus on the claims process
Zurich focuses on midsize businesses and enterprises, which allows it to provide excellent service and coverage tailored to businesses of thos sizes. The insurer offers coverage up to $25 million for privacy liability, regulatory proceedings, defense costs, civil fines, media liability, data breaches, business interruption and reputational damage. Zurich also offers Cyber Risk Engineering services. With these services, Zurich’s expert cybersecurity team can help you identify security threats in your system.
Still, Zurich has poor reviews online. On Trustpilot, the company scores 1.2 out of 5 stars based on 160 reviews. On the Better Business Bureau (BBB) website, it has a 1.9- out of 5-star rating based on 90 user reviews. Customers’ primary complaint is that Zurich’s claim process could be better. Still, Zurich is accredited by the BBB with an A+ rating by the organization.
Why we chose it: Chubb caters to challenges faced by large companies by covering payment card loss, business interruption and extortion expenses, including for cryptocurrencies and cybercrime.
- Scaling coverage for enterprises
- No minimum premium
- Covers payment card loss, business interruption, extortion expenses and expenses related to cryptocurrencies
- Poor online reviews
Chubb is known for being one of the market’s most reputable and comprehensive insurers, but it is reportedly expensive. There is no minimum premium and the company’s premiums scale based on your level of risk.
Chubb covers payment card loss, business interruption and extortion expenses, including cryptocurrencies and cybercrime. The company also understands that new technological advances come with increased risks and compliance issues. To address these concerns, Chubb can provide unique coverage that adapts to the future needs of your business.
That said, Chubb has largely negative online reviews. The company has a 1.2- out of 5-star rating on Trustpilot, based on 324 reviews. It has scored a D- from the BBB and earned only 1.36 stars out of 5, based on just 11 reviews. However, there aren’t many reviews on either of these websites, so these ratings don’t mean you’ll have a negative experience with the company.
Why we chose it: Travelers provides coverage for forensic investigations, litigation expenses, fines, crisis management expenses, business interruption, cyber extortion and security improvements that can protect your business.
- Great liability coverage
- Useful for businesses of all sizes
- Less-than-stellar customer service
- Clunky online quote process
Travelers doesn’t publish premium information on its website. However, the company isn’t considered very expensive because it targets many of its services to small businesses. Additionally, the insurer covers everything you need in case of a data breach, including:
- Forensic investigations
- Litigation expenses
- Regulatory defense expenses/fines
- Crisis management expenses
- Business interruption
- Cyber extortion
- Replacement of compromised software
Many cyber insurance companies don’t offer coverage for forensic investigations, litigation expenses, fines or crisis management. So, if your business is susceptible to data breaches, Travelers may be a good option.
There aren’t many online reviews for Travelers, but those that are available aren’t very positive. On the BBB website, Travelers scored 1.03 out of 5 based on 135 user reviews. The main complaints focus on customer service and the claims process. However, most reviewers mention auto insurance and other similar products — not cyber insurance.
Overall, Travelers has greater coverage for cyber liability than many other providers — but its customer service, online quoting and claims process can improve.
Why we chose it: The Hartford has the highest policy limits for companies with more than $250 million in revenue. It provides primary capacity for risks with revenues up to $500 million and excess capacity for risks with revenues up to $1 billion.
- High policy limits
- Worldwide coverage
- Covers business interruption for up to 24 months
- Elevated cost
- Low online reviews
- Customer service and claim process could be better
With this kind of coverage for enterprises, you can expect a higher cost and, depending on your coverage, that cost can climb to several thousands of dollars per year. However, you get worldwide coverage of fines, business interruption of up to 24 months, cyber deception loss, reputational loss, cyber extortion demands and privacy breaches, among other coverage. The Hartford also provides extra services, including risk mitigation tips, pre-claim investigation and claim prevention assistance coverage.
Note, however, that only companies in the following industries are eligible for this type of coverage: construction, entertainment, financial institutions, healthcare, higher education, hospitality, manufacturing, retail, utility and energy, transportation and wholesale distribution. If you’re in another industry, you might need to look into other insurance options.
The Hartford also has a rather poor online reputation, with few and largely negative user reviews. The company has a 1.3- out of 5-star rating on Trustpilot (based on 78 reviews) and 1.07 out of 5 stars on the BBB website (based on 142 reviews). Similar to other providers, the main issues reported by consumers are customer service and the claims process.
Other cyber insurance companies we considered
To make this list, we looked at many other cyber insurance services that didn’t make the cut. However, there are some still worth checking out. Below you can find those companies that we also considered.
- Great data breach coverage
- Good policy limit of $100 million
- Negative online reviews
- Limited policy options
AIG is a reputable insurance firm that specializes in data breach coverage, with a policy limit of $100 million. However, the policy options are limited, reviews are negative and customers say the claims process is very slow.
- Great for tech, media and healthcare industries
- Good for small to medium businesses
- Limited user reviews
- No standout features
Beazly has great coverage and decent limits for small to medium businesses in the tech, media and healthcare industries. However, there are no reviews of the company on Trustpilot or the BBB website, making it difficult to judge customer opinion.
- You can submit claims 24/7
- Great coverage
- No standout features
AXA XL provides coverage for privacy, network, media and errors and omissions, among other options, and you can submit claims 24/7. Still, it doesn’t stand out in the categories from this list, and users complain of the slow claims process for other types of insurance coverage.
Cyber Insurance Guide
Gaining a deeper understanding of cyber insurance is key to selecting an insurance provider. Without this knowledge, you might struggle to find coverage that matches your business’s specific needs.
What is cyber insurance?
Cyber insurance is a type of insurance designed to financially protect you and your business from internet-based risks and losses. It typically covers a wide range of threats, including data breaches, hacking, cyberattacks and online extortion. Cyber insurance won’t defend you from these problems, but if they do occur, it can help you recover the money you lost.
Coverage may include financial losses for data recovery, business interruption, liability claims, fines, extortion and other consequences of a cybersecurity breach. Some policies can also cover the cost of public relations if an incident results in damage to your company’s reputation.
The need for cyber insurance has grown significantly in recent years as cyber attacks have become increasingly common and sophisticated. Not only has cyber insurance become a necessity for businesses, but it can also be helpful if you are personally at risk of cyberattacks.
Personal cyber insurance
Personal cyber insurance covers expenses related to identity theft, online harassment, cyberbullying, damage to personal devices and data loss. Personal policies may also offer services like credit monitoring, fraud resolution assistance and legal support. These issues can be very expensive, but fortunately, cyber insurance for individuals usually comes with a low monthly price. It’s worth noting that personal cyber insurance is purchased as stand-alone coverage or part of a homeowners insurance policy, but not part of a business policy.
Business cyber insurance
Business cyber insurance is designed to protect your business from financial losses related to data breaches, network damage, cyber extortion, business interruption and lost income. Some cyber insurance providers also offer advanced services to improve your company’s cybersecurity protocols. You risk huge losses and even legal trouble if your company mishandles customer data, so business policies have much higher coverage than personal insurance.
How does cyber insurance work?
Whether you’re insuring an individual or a business, start by applying for coverage and providing information about your needs. If you’re getting coverage for your business, the insurance company will perform a risk assessment to determine the level of risk it would incur by underwriting a policy. The insurer will calculate your premium based on this information.
If a cyberattack occurs, you need to submit a claim. Some insurers offer an online claims platform, while others require you to call an agent. The insurer will then investigate the problem and guide you through the next steps. The insurance company may use a forensic investigator to determine the scope of the attack and will notify the affected parties. Some policies include payments to address ransomware demands.
Once the losses are quantified, the insurer will pay out your claim up to your coverage limits, less any deductible. Alternatively, your insurer may directly pay the costs to repair damages sustained from a cyberattack (such as repairing or rebuilding a website or other key digital infrastructure).
Unless the insurer provides additional cybersecurity services, it won’t help you fight these attacks before they happen, so make sure you also focus on prevention. Using a secure cloud storage platform is essential to preventing the theft of sensitive business documents. If you’re looking for secure storage, read our guide for the best cloud storage solutions for small businesses.
Another key cybersecurity best practice is enabling two-factor authentication (2FA) across your entire organization. 2FA is a common additional security measure, so hackers can’t access your account even if your passwords are stolen. Usually, 2FA will ask you to verify your account ownership through a text message or a second email address.
Cyber insurance pros and cons
Cyber insurance can protect your business from the financial consequences of cyber attacks and other breaches. However, this type of coverage has some drawbacks and it isn’t right for every business.
Financial protection: Cyber insurance can give you peace of mind in case of cyberattacks by protecting your assets. Policies can cover the costs of restoring stolen data, lost business, repairing damaged reputation and much more. Some insurers also cover the cost of fines you incur if you’re sued for stolen data.
Legal and regulatory compliance: Cyber insurance policies can help your business comply with user privacy regulations.
Incident response support: Many cyber insurance companies offer incident response support that can help your business with the aftermath of a cyberattack or data breach. This support can include forensic investigation, public relations assistance and legal representation.
High costs: Depending on your provider and coverage limits, cyber insurance can be expensive. The cost of your premium depends on the size of your business, how much coverage you need and the perceived risk your business poses. Make an informed decision as to whether the cost of cyber insurance is worth it for your business.
Limited coverage: It’s essential to understand exactly what is covered by your policy. Some cyber insurance policies have exclusions and limitations that might be deal-breakers for you. Shop around for providers and ensure you fully understand available coverage before committing to a policy.
What does cyber insurance cover?
Depending on the provider, cyber insurance policies can cover the costs of data recovery, forensic investigation, cyber extortion and legal fees resulting from data breaches or cyberattacks.
Most providers also cover business interruption due to a cyberattack. This includes the revenue lost if your business is forced to shut down and the expenses required to get your business back on its feet. Cyber insurance can also cover ransomware attacks, rogue employees, liability claims and reputational damage.
What does cyber insurance not cover?
There are a few things cyber insurance typically doesn’t cover.
- Intentional acts: Intentional acts like insurance fraud aren’t covered by insurers. For example, providers typically won’t cover a cyberattack if one of your employees participates in the attack. Still, some companies will cover expenses caused by rogue employees that go behind your back to damage the company.
- Acts you had knowledge of: If you know that a cyberattack will happen and don’t disclose this to the insurer, you won’t be covered.
- Criminal proceedings: Most cyber insurance companies don’t cover the costs of criminal investigations.
Who needs cyber insurance?
You likely need cyber insurance if your business stores sensitive or personal customer data online, such as credit card information or medical records. Cyber insurance can also be helpful if your business relies heavily on technology, like e-commerce companies or financial institutions.
But it’s not just businesses that need cyber insurance. If you store personal information online, such as Social Security numbers, bank account information or even personal photos and videos, you could also benefit from cyber insurance.
What to look for in cyber insurance coverage
There are several types of coverage and policies to consider when shopping for the best cyber insurance protection. Start with these popular options:
Business interruption coverage: If your business experiences a cyberattack that makes it impossible to operate, business interruption coverage can be a lifesaver. This type of insurance covers lost revenue, ongoing expenses and other costs you may face from the interruption.
Coverage for social engineering scams (phishing and spoofing): Social engineering scams like phishing and spoofing are becoming increasingly common. Most businesses receive phishing attempts every day, and a successful phishing scam can lead to devastating financial and data losses.
Incident response services: A good cyber insurance policy should include incident response services. These services can help you quickly respond to a cyberattack, limit damage and get your business up and running as quickly as possible following a security breach.
Coverage for first-party and third-party losses: First-party losses refer to any direct losses to your business, such as stolen money from a phishing scam, business interruption or extortion payments. Third-party losses are all other expenses that result from the loss of customers data due to a cyberattack. For example, if your business experiences a data breach, your customers may experience identity theft or other financial losses and sue your business for damages.
Reputation damage coverage: Some cyber insurance policies can reimburse you for lost revenue stemming from reputational damage to your business. Let’s say you own a large business and suffer a data breach, resulting in sensitive personal information being leaked. Many of your customers decide to stop doing business with you, and local media coverage leads to even more lost business.
How much does cyber insurance cost?
Premium costs for cyber insurance can range anywhere from several hundred dollars to a few thousand. However, these premiums can vary depending on several factors, such as the size and nature of your business, the type of data you handle and how much risk you pose to the insurer. Small businesses typically pay lower premiums than larger ones, as they generally have fewer assets to protect.
Cyber Insurance FAQ
How much cyber insurance do you need?
Why is cyber insurance important?
Is cyber insurance worth it?
How We Chose the Best Cyber Insurance
To create this list, we evaluated dozens of cyber insurance providers based on the following criteria:
- Affordability: Cyber insurance companies don’t usually publish much pricing information online because coverage is largely policy-dependent. Still, we gathered as much information as possible to give an accurate idea of the pricing of each service.
- Coverage caps: We looked at policy coverage caps to determine how useful each would be for different types of businesses. From $1 million to $500 million, there is a policy for you.
- Customer satisfaction: Customer opinions are key when choosing a service like this. That’s why we viewed online customer reviews posted on Trustpilot and the Better Business Bureau.