Cyber insurance is becoming an increasingly important part of digital business as cyberattacks and data breaches increase. If you’re a victim of a cyberattack, you could be looking at everything from data restoration expenses to regulatory fines, which is the last thing you need after a breach.
Cyber insurance companies can help—in the event of a cyberattack, you may receive financial compensation and they can help you recover lost data through the insurance claim process. And it’s important to note that many companies going through this process can still afford to provide continued service to their customers.
But which cyber insurance company should you opt for anyway? We’ll detail the best companies available and show you how to pick.
Zurich offers cyber liability and data breach insurance and will reimburse you for lost income, PR expenses, and payment card industry (PCI) fines. Its cyber risk engineers help you carry out dedicated cyber risk assessments that find weaknesses in your setup, identify and prioritize countermeasures, and analyze your core business processes to see your level of cyber exposure. Zurich has some of the best third-party ratings—an A+ rating from AM Best—which means claims are paid often and typically on time.
It’s a reliable and straightforward choice to make for your business then and is as close to a comprehensive solution as you can find on the market. That said, no personal cyber insurance is available, something we would have liked to see as a bonus, and there isn’t an easy way to apply on the site either. Zurich doesn’t list its prices, and you’ll have to reach out and get in touch for more information.
Chubb is a good choice for those needing a plan for their digital business and individuals and families at the same time. As a company that has been in business for a remarkable 229 years, you know you’re in safe hands. You’ll get protection against stolen money from your online accounts of up to $250,000, 24/7 breach response, data restoration, legal and PR coverage, and notification expenses on top—it’s a package that offers the lot.
We particularly like the Chubb Cyber Index, which amasses claims data and reports the leading cyber threats along with historical trends, keeping you aware of potential threats at all times. Using the dashboard, you can compare insurance costs to other providers, see how much a cyber incident could cost, and learn how much data is at risk in the event of a cyberattack.
Key metrics on the dashboard get tracked, too, such as the actions causing a cyber loss, whether an internal or external factor caused a cyber event, and the number of affected records.
With that said, there’s no quick signup on the site. No prices are listed either, so you’ll have to reach out to an agent to get started.
AIG is known for its upfront way of doing things, which can be a breath of fresh air. While others will get you to request a quote for the full details, AIG lays it all out, telling companies to go for its CyberEdge, WorldRisk, or EAGLE plans. These plans and what it covers are detailed and straightforward.
For instance, for third-party claims from alleged financial losses, CyberEdge, WorldRisk, and EAGLE all cover this, but only EAGLE and CyberEdge cover expenses for business interruption. The cyber cover guide is one of the most transparent on the market, so it’s a massive pro of opting for AIG for your cyber insurance. AIG also offers an impressive $100 million limit for its cyber insurance policies; competitor maximums typically reach $250,000 to $25 million at the most.
With that said, AIG doesn’t offer any form of personal cyber insurance—even better as an addition to the rest—and has a moderately low S&P Global rating of BBB+.
HSB is an ideal choice for law firms and offers coverage for cyber extortion and misdirected payments. HSB has an excellent reputation, real expertise, and years of experience dealing with sensitive information. HSB focuses on reinsurance coverage, including data, cyber risk, and identity theft insurance. Its Cyber Suite protection plan, with different bundles of coverage, is available for small to mid-sized businesses, including law firms.
If you are a cyberattack victim, HSB will pay for the restoration of data, all system restoration costs, PR services, and future loss avoidance coverage for improvements to a computer system—this is rare in the market. For cyber extortion, it covers the expenses of a negotiator or an investigator and the payments for eliminating the ransomware. These plans get backed up by a team of cyber claims specialists who provide help 24/7.
However, it’s worth noting the $1 million limit maximum is comparatively low compared to others on the market.
You’ll also have to contact an agent for complete package information and a quote.
The Doctors Company
As the name might suggest, The Doctors Company is an excellent choice for healthcare professionals. The CyberGuard Plus plan offers $5 million in cyber liability insurance, and there’s coverage for cyber extortion and website media content liability, as well as first-party network business interruption, patient notification services, and privacy breach response services. What’s more, AM Best assigned the company a noteworthy “A” rating.
The Doctors Company also provides additional insurance products for your business, including workers’ compensation coverage, medical malpractice insurance, and professional liability insurance. There’s 24/7 access to a range of online risk management resources to help you manage your risk before a cybercrime can occur, too, including sample privacy security policies and education and awareness materials.
That said, you must already have a medical liability policy in place, and online quotes are not readily available. You can get started with The Doctors Company by signing up.
How To Pick Your Cyber Insurance Company
You’ve seen our top picks, but how do you decide which one of them is the best for you? Don’t fret; we’ve listed some simple steps you can follow to arrive at the best cyber insurance company for you.
Step 1 – Create a Cyber Risk Profile for Your Company
The first step is to create a cyber risk profile for your company. Here, you list expenses you want to have covered if an unfortunate event happens. Completing a list will allow you to determine an estimate for your overall third-party costs and, of course, will help you decide which company is better suited as a result.
Keep in mind that a risk profile ranks the many risks you could face based on the probability of them happening. For instance, some events are more likely, some are unlikely, and some are in-between; they are possible. What do these risks look like on paper?
Here are some of the most common ones:
- Network security liability
- Data loss or software damage
- IP theft
- Death and bodily injury
- Crime or fraud
- Cyber extortion
- Loss of reputation
When we look at these risks and have our expected costs at hand, we can decide which cyber insurance company is the best fit for us.
For example, on our list, AIG offers a $100 million limit for its cyber insurance policies and third-party claims from alleged financial losses. It’s a strong choice for those specifically worried about financial losses.
Meanwhile, HSB covers the loss and restoration of data, including all system restoration costs and future loss avoidance. For data loss concerns, they’re a good choice, as is Chubb, which offers data restoration, legal, and PR coverage all in one.
Zurich offers both cyber liability and data breach insurance and will reimburse you for lost income. The Doctors Company is the best choice for covering patient notification services and privacy breach response services.
Step 2 – Learn About the Different Types of Cyber Insurance
It’s not commonly known, but there are quite a few reimbursable expenses that different cyber insurance policies cover. While we’ve listed some of these in step one, others include the following:
- Specific investigations into the cause of a breach
- Privacy protection
- Other business losses that arise from the breach
It helps to understand what the different types of cyber insurance actually mean too. For instance, cyber liability insurance covers various liabilities and property losses for companies due to a cyberattack. Take hackers collecting your data to sell it on the internet; in this scenario, cyber insurance can cover the expenses related to protecting your customers’ identities, including paying for identity theft protection services. It also covers loss of data, fraud, and extortion.
The Doctors Company offers $5 million in cyber liability insurance from our top picks, while AIG covers up to $100 million across these areas.
The other big one is data compromise insurance. You may see this mentioned around the web, but what does it cover? Essentially, the funding of data breach investigations, so everything that involves notifying affected individuals and the case management activities, as well as services that help to prevent fraud and theft when a breach has occurred.
On our list, HSB covers data loss and restoration and Chubb covers data restoration. Zurich covers both cyber liability and data compromise insurance.
Step 3 – Understand What’s Typically Not Covered With Cyber Insurance
By now, we have a good idea of the main types of cyber insurance and what they cover. But it’s worth knowing what definitively isn’t covered by the vast majority of policies. Many small to medium-sized businesses are often surprised when they find this out in the small print.
The main areas typically not covered are the following:
- Acts of war: this forbids payment for cyber breaches from state-sponsored actors or foreign hackers.
- BYOD and remote worker claims: in other words, not covering an unencrypted device or declining to cover employees who haven’t signed an acceptable use policy.
- Potential profit loss in the future: many cyber insurance companies will not cover future losses and may have a limited amount of time following the breach.
- Upgrading tech: most cyber insurance companies will not cover you for upgrading your equipment to prevent future attacks.
While most events are covered, the four scenarios above rarely are. That said, there are exceptions. For example, on our list, HSB will pay for future loss avoidance cover for improvements to a computer system.
Step 4 – Ensure You Qualify for a Cyber Risk Insurance Policy
You may feel ready to start making some calls and getting in touch with agents. However, it’s worth remembering that not all companies automatically qualify for a cyber insurance policy. The majority of businesses do, but it depends on a few factors.
Most insurers need to know that you have some form of reliable data handling protocols in place, particularly if customer data comes into it—take an industry like healthcare and its adherence to HIPAA data mandates. You’ll also need to show your insurers that you can provide forensic-style reports if a data breach occurs.
Most insurers will carry out their own cyber insurance risk assessment as part of the underwriting process. The size of your company will dictate how detailed this process is, and it can range from a single questionnaire to a full analysis that takes a few weeks to complete, including check-ups and reassessments. However, the latter will generally be for the largest of businesses.
Finally, a business needs to meet some basic IT security standards. For instance, all PCs need to be equipped with antivirus software and kept up to date. You’ll need to protect your company network by using a firewall, and your business data needs to get backed up using external media or a secure cloud service regularly.
All of the cyber insurance companies on our list offer a form of the qualifying process, so it’s best to prepare before you reach out to them. AIG is perhaps the most transparent about this process and makes an initial assessment through a proposal form. The rest on our list don’t specify their requirements, and you’ll have to contact them for more details.