Site icon AdvisorSmith

Cyber Insurance Cost

Average Cost of Cyber Insurance

The average cost of cyber insurance in the U.S. in 2021 was $1,589 per year or $132 per month. According to recent reports, the U.S. is the country that is most frequently targeted for cyberattacks. Companies in the U.S. spend almost $4 million dollars on average to respond to data breaches, according to IBM. For small businesses, the cost averages around $36,000 to recover from a data breach, according to First Data. For small and midsize businesses, the cost rises to an average of $86,000, as reported by Kaspersky.

Get a quote on Cyber Insurance

Average Cost of Cyber Insurance

AdvisorSmith conducted a study using quote estimates and rate filings from over 43 insurance companies nationwide and found premiums ranging from $650 to $2,357 for cyber insurance, based upon companies with moderate risks. These premiums were based upon liability limits of $1,000,000, with a $10,000 deductible, and $1,000,000 in company revenue.

The average cost of cyber insurance is has risen to 25-80% in the U.S. The costs of insuring your business against data breaches and hacking attacks vary based upon the nature and size of your business, as well as the state in which your business is located. For example, the average cost in Michigan was $1,339 for our example scenario, while similar coverage in Minnesota was $1,708. Below, we list the average cost of cyber insurance in each state, along with the difference between the state average and the national average.

StateAverage Cost of Cyber InsuranceDifference from National Average
Alaska$1,532.89 3.23%
Alabama$1,539.40 3.67%
Arkansas$1,646.50 10.88%
Arizona$1,581.50 6.50%
California$1,430.18 -3.69%
Colorado$1,521.67 2.47%
Connecticut$1,593.62 7.32%
District of Columbia$1,539.25 3.66%
Delaware$1,446.47 -2.59%
Florida$1,529.82 3.02%
Georgia$1,450.54 -2.32%
Hawaii$1,519.46 2.32%
Iowa$1,505.73 1.40%
Idaho$1,483.70 -0.08%
Illinois$1,434.59 -3.39%
Indiana$1,484.06 -0.06%
Kansas$1,501.38 1.11%
Kentucky$1,587.10 6.88%
Louisiana$1,623.94 9.36%
Massachusetts$1,380.59 -7.03%
Maryland$1,471.18 -0.93%
Maine$1,467.39 -1.18%
Michigan$1,339.33 -9.81%
Minnesota$1,708.11 15.03%
Missouri$1,509.00 1.62%
Mississippi$1,472.55 -0.84%
Montana$1,478.29 -0.45%
North Carolina$1,421.49 -4.27%
North Dakota$1,464.42 -1.38%
Nebraska$1,485.64 0.05%
New Hampshire$1,431.99 -3.57%
New Jersey$1,615.25 8.77%
New Mexico$1,355.36 -8.73%
Nevada$1,507.55 1.52%
New York$1,616.70 8.87%
Ohio$1,553.68 4.63%
Oklahoma$1,513.03 1.89%
Oregon$1,462.50 -1.51%
Pennsylvania$1,466.49 -1.24%
Rhode Island$1,541.58 3.81%
South Carolina$1,398.83 -5.80%
South Dakota$1,489.45 0.30%
Tennessee$1,500.20 1.03%
Texas$1,459.22 -1.73%
Utah$1,515.10 2.03%
Virginia$1,467.83 -1.15%
Vermont$1,457.70 -1.83%
Washington$1,449.80 -2.37%
Wisconsin$1,523.03 2.56%
West Virginia$1,629.64 9.74%
Wyoming$1,426.89 -3.91%

Besides the location of your business, a number of other factors can greatly affect the premiums that you pay for cyber insurance. Insurance companies will take into account the nature of your business, the number of sensitive employee and customer records you store, whether your business stores credit card and banking information on your customers, and the types of security defenses your company has undertaken. Additionally, if your company has a history of cyber insurance claims or if it has been attacked or hacked in the past, your premiums may be higher.

Average Cost of Cyber Insurance (2022 vs. 2021)

In 2021, the average cost of cyber insurance was $1,589 per year, compared with $1,485 in 2020. Since that time, we found that with the increase in ransomware attacks and data breaches, the average cost of premiums has risen approximately 25%, with some policyholders paying over an 80% higher rate in 2022.

The table below shows the change in average premiums by state between 2019 and 2020. The largest jump in cost was in the state of Arizona, with annual premiums increasing 39% from $1,139 in 2019 to $1,581 in 2020. North Carolina saw the largest drop in average cost, with annual premiums decreasing 12% from $1,611 in 2019 to $1,421 in 2020.

StateAverage Cost of Cyber Insurance (2020)Average Cost of Cyber Insurance (2019)Percent Change
Alaska$1,532.89 $1,562.70 -2%
Alabama$1,539.40 $1,436.64 7%
Arkansas$1,646.50 $1,288.00 28%
Arizona$1,581.50 $1,139.00 39%
California$1,430.18 $1,594.47 -10%
Colorado$1,521.67 $1,575.46 -3%
Connecticut$1,593.62 $1,588.45 0%
District of Columbia$1,539.25 $1,536.00 0%
Delaware$1,446.47 $1,626.92 -11%
Florida$1,529.82 $1,536.00 0%
Georgia$1,450.54 $1,483.92 -2%
Hawaii$1,519.46 $1,277.50 19%
Iowa$1,505.73 $1,444.85 4%
Idaho$1,483.70 $1,421.35 4%
Illinois$1,434.59 $1,516.27 -5%
Indiana$1,484.06 $1,546.25 -4%
Kansas$1,501.38 $1,444.12 4%
Kentucky$1,587.10 $1,466.44 8%
Louisiana$1,623.94 $1,353.25 20%
Massachusetts$1,380.59 $1,277.50 8%
Maryland$1,471.18 $1,482.50 -1%
Maine$1,467.39 $1,502.91 -2%
Michigan$1,339.33 $1,232.67 9%
Minnesota$1,708.11 $1,253.67 36%
Missouri$1,509.00 $1,340.65 13%
Mississippi$1,472.55 $1,452.88 1%
Montana$1,478.29 $1,411.67 5%
North Carolina$1,421.49 $1,611.00 -12%
North Dakota$1,464.42 $1,344.90 9%
Nebraska$1,485.64 $1,427.87 4%
New Hampshire$1,431.99 $1,416.71 1%
New Jersey$1,615.25 $1,521.92 6%
New Mexico$1,355.36 $1,350.23 0%
Nevada$1,507.55 $1,416.39 6%
New York$1,616.70 $1,410.71 15%
Ohio$1,553.68 $1,277.50 22%
Oklahoma$1,513.03 $1,500.18 1%
Oregon$1,462.50 $1,452.44 1%
Pennsylvania$1,466.49 $1,471.70 0%
Rhode Island$1,541.58 $1,541.06 0%
South Carolina$1,398.83 $1,483.00 -6%
South Dakota$1,489.45 $1,308.00 14%
Tennessee$1,500.20 $1,540.08 -3%
Texas$1,459.22 $1,385.34 5%
Utah$1,515.10 $1,467.16 3%
Virginia$1,467.83 $1,345.81 9%
Vermont$1,457.70 $1,563.06 -7%
Washington$1,449.80 $1,372.80 6%
Wisconsin$1,523.03 $1,472.72 3%
West Virginia$1,629.64 $1,531.83 6%
Wyoming$1,426.89 $1,341.11 6%

How does coverage level affect cyber insurance costs?

In addition to the nature of your business, location, and claims history, a major factor in determining your insurance premium will be the level of coverage that you choose. The higher the limits of your cyber coverage, the higher your premiums will be. However, additional coverage usually costs less per dollar of coverage compared with the base coverage. For example, the first $250,000 of coverage costs an average of $739 in our example below, while the next $250,000 of coverage only costs an average of $407, for a total cost of $1,146.

In the following table, we show how the average annual premium changes for different levels of coverage with varying deductibles, based upon a business with moderate risk in the state of Connecticut. To create this table, we used quotes and rate filings from major insurance companies in Connecticut. Actual premium prices would vary depending upon the type of business, location, and claims history.

Cyber Liability LimitDeductibleAverage Annual Insurance Premium
$1,000,000 $10,000 $1,588
$500,000 $5,000 $1,146
$250,000 $2,500 $739

Choosing the appropriate level of coverage for your cyber liability insurance is an important choice for your business. It is important to choose a level of premium that is affordable for your business, but you also want to ensure that the liability level is high enough so that in the event of a data breach or hack, you may be able to avert financial disaster.

How do deductibles affect cyber insurance costs?

A cyber insurance deductible is the amount of a loss that your company is responsible for in the event of a covered hack, data breach, or other event covered by your cyber liability insurance. A typical deductible for a $1 million policy could be $10,000, but you are free to choose higher or lower deductibles depending on your company’s situation. Choosing a lower deductible means you’ll pay less in the event of a breach, but it also means your premiums will be higher. When choosing your deductible, you should consider the impact of a loss on your business, and the amount of losses you’d be able to absorb in the event of a breach or cyber event.

How do business size and type affect cyber insurance costs?

Many insurance companies base their rates for cyber insurance on the revenues that a business has. The larger a company’s revenues, generally, the higher the premiums will be when compared with a similar company with lower revenues. A few insurance companies use the number of employees to determine a company’s premiums, with more employees causing premiums to be higher.

In addition to company size, the type of business that a company is in has a large impact on the premiums that a company pays. Most insurance companies segment businesses into different tiers of premiums based upon the type of business. Companies that do not store much third-party information and don’t have many data records usually have the lowest cyber insurance premiums. For example, a small manufacturing company with only a few clients would have very little customer information that would be affected in the event of a data breach. A law firm that stores confidential data on clients, however, would require more cyber insurance.

Companies with moderate risks might have larger amounts of data on customers, but may not necessarily store highly sensitive customer information. A moderate-risk company might be a retail store that accepts credit card transactions in their store. These types of companies will have higher premiums than low-risk companies.

High-risk companies have the largest chance of experiencing a data breach and, as such, will have to pay the highest premiums for their cyber insurance. A high-risk company is usually one that stores a large amount of confidential data on its customers. For example, a hospital or financial institution will have much more sensitive customer information than a retail store

The highest tier of risk would be companies that store sensitive information such as social security numbers, dates of birth, or other financial or personal information. Examples include professional services organizations such as accountants, medical offices, and apartment buildings. These companies would pay the highest premiums for their cyber insurance.

Cyber insurance premiums also vary depending on the amount of coverage that a company purchases. The more coverage a company buys, the higher the premium will be. For example, a company that purchases $5 million in coverage will pay a higher premium than a company that only purchases $1 million in coverage.

In order to get an accurate picture of how business size and type affect cyber insurance costs, it is best to get quotes from a few different insurance companies. Cyber insurance rates can vary greatly from one insurer to the next, so it’s important to compare prices and coverage before purchasing a policy.

How does the number of sensitive records affect cyber insurance costs?

In addition to the revenue, size, and type of business, many insurers will ask for the number of sensitive records stored by an organization, as well as the number of financial or credit card transactions processed by your company. Usually, the higher the number of sensitive records or financial transactions stored, the higher your company’s insurance premiums will be.

What are some of the most common cyber insurance claims?

There are a few types of claims that seem to be more common than others in the world of cyber insurance. These types of claim can be very costly, as they can often take a long time for a company to get its systems back up and running. Common claims include data loss or theft, cyber extortion, and denial of service attacks. Other examples include:

First-party coverage: This type of coverage provides protection for your organization in the event of a data breach or cyber attack, covering expenses such as notifying customers of a breach, providing credit monitoring services, and public relations expenses.

Third-party coverage: This type of coverage protects your organization from claims made by other parties in the event that your company is responsible for a data breach or cyber attack. This could include damages paid to customers or clients, as well as expenses related to a court case or settlement.

Cyber extortion: This type of coverage can provide protection in the event that your organization is the victim of a ransomware attack or other type of cyber extortion. It can help cover the costs of paying a ransom, as well as expenses related to restoring systems and data.

Business interruption: This type of coverage can help protect your organization in the event that business operations are disrupted due to a cyber attack. It can help cover lost revenue as well as expenses related to restarting operations.

How do security measures affect cyber insurance costs?

When applying for cyber insurance, many insurance companies will ask you to complete an assessment of your company’s existing security measures. The more security measures your company has put into place, the lower the insurance premiums for cyber insurance will be.

Some of the security measures that your company could take include hardware and software network security, data loss prevention procedures, multi-factor authentication, and encryption. Insurance companies also are interested in whether your company patches software vulnerabilities on a regular basis, and also whether your company uses third-party firms for security assessments and audits. Other steps your company could take include encrypting data and monitoring vendors who have access to your computers and data systems.

What are the most frequent cyber insurance claims?

The most frequent causes of cyber insurance claims are hacking, ransomware, phishing, and employee negligence. Having cyber insurance can protect your business against the financial consequences of some of these attacks.

Hacking claims account for some of the most common cyber insurance claims. If a hacker breaks into your company’s computer network and steals data, your company may be liable for a variety of costs to recover from and mitigate the damage from the hack. These costs may include forensic services to determine the cause and extent of the hack, legal costs to defend against third-party lawsuits related to the hack, notification and credit monitoring services for affected individuals, public relations costs, and regulatory fines and penalties.

Ransomware attacks occur when malicious software is installed on your company’s systems and your company’s data or critical software is threatened unless you pay a ransom. In these cases, cyber insurance can pay for the costs of the ransom so that your company’s data or systems can be recovered. Many cyber liability policies provide very limited coverage for ransomware or cyber extortion attacks, with coverage sublimits as low as $25,000, even when the cyber liability policy has a much higher total limit.

Phishing attacks induce your employees to disclose passwords or other login credentials to hackers. These attacks can happen when employees click on malicious links embedded in emails or on the web. They can also occur over the phone when your employees are tricked into disclosing passwords or other sensitive information. With phishing attacks, criminals can log into your company’s systems and steal data or conduct unauthorized financial transactions.

Employee negligence claims can arise from something as simple as an employee losing a laptop that contains sensitive customer or employee data. In the case of employee negligence, your company could be liable for lawsuits related to lost data, notifying affected individuals and providing them with credit monitoring services, public relations costs, and fines and penalties.

Purchasing Cyber Liability Insurance

There are a variety of insurers and brokers in the market, and it may be difficult sorting through all of the options. AdvisorSmith analyzed a variety of cyber policies and determined the best cyber insurance companies for small businesses. To determine the best cyber insurers, AdvisorSmith considered a number of factors, including financial strength ratings from AM Best and Standard & Poor’s, customer satisfaction data from several J.D. Power studies, complaint ratings from the National Association of Insurance Commissioners, available features and options, and availability of information and ease of use of the insurers’ websites.

» Read our full review of the best cyber insurance companies.

RankCompanyAdvisorSmith Rating
1Hiscox4.9 / 5.0
2Chubb4.8 / 5.0
3The Hartford4.7 / 5.0
4AIG4.7 / 5.0
5CNA4.6 / 5.0
6Arch4.5 / 5.0
7Hanover4.5 / 5.0
8Intact4.4 / 5.0
9Beazley4.3 / 5.0
10Axis4.3 / 5.0

Final Word

Cyber insurance is becoming more and more important for businesses, small and large. While the threat of hacking and data breaches increases, it’s important to understand how cyber insurance is priced and where pricing is going.

As cyber insurance becomes more common, we can expect the costs to become more standardized. However, there will always be a certain amount of variability in pricing depending on the size and type of business, as well as the level of coverage desired.

If you’re thinking about purchasing cyber insurance for your business, be sure to do your research and compare quotes from multiple insurers. This will help ensure you get the best coverage at the most affordable price. Cyber insurance is an important tool to protect your business from the growing threat of hacking and data breaches. While the cost of coverage may seem high, it’s important to remember that the cost of a breach can be much higher. In many cases, cyber insurance is worth the investment.

Expert Commentary

AdvisorSmith spoke with the following experts to provide critical insight on cyber insurance for business owners.

Bruce deGrazia

  • Program Chair for Cybersecurity Management and Policy
  • University of Maryland Global Campus
Bruce's Answers

Dr. Shiu-Kai Chin

  • Professor of Electrical Engineering & Computer Science
  • Syracuse University
Shiu-Kai's Answers

John Paul Broussard

  • Professor, Director of the Online MS Finance Program
  • University of Oklahoma
John Paul's Answers

David Scibelli

  • Associate Professor, Cyber Security & Computer Science
  • Shenandoah University
David's Answers

Q. Should small businesses be concerned about cyber risk?

Q. Where do you see the cyber insurance market trending, and what are the main insurability challenges?

Q. How can a business effectively organize and manage cyber risk?

Exit mobile version