
Cyber Insurance Market Update 2021

Numerous high-profile cyberattacks and ransomware attacks have been reported at companies around the world in 2022. Cyberattacks have hit industries from meat processing to health care, as networked computing systems have become an integral part of business, nonprofit, and government operations everywhere. As these attacks continue, the role of cyber insurance in helping to protect companies has become more prominent.

In this midyear 2022 market update, AdvisorSmith examines the major trends in the cyber insurance marketplace, from pricing to coverage. With the rise in attacks and risk exposure for insurers, major changes have started to take place in the cyber insurance market.

Average Cost of Small Business Cyber Insurance in 2022

Based upon our review of cyber insurance premium costs, rate filings, and surveys of insurance brokers, AdvisorSmith estimates that the average cost of cyber insurance for small businesses has risen due to costly attacks, most notably ransomware. Premiums have seen increases of approximately 25% for policies, with some policyholders seeing increases of over 80%. These rate increases are based upon coverage premium rates for cyber liability coverage in Q1 of 2022.

Our annual cyber insurance cost analyses showed that in 2021, the average cost for cyber insurance was $1,589 per year, which was slightly higher than in 2020 when average costs were $1,485 per year. A jump of 25-80% for premiums in 2022 clearly demonstrates a significant and growing risk of insuring against cyber and ransomware attacks.

As the cyber insurance market continues to evolve and news of cyberattacks makes headlines on an almost daily basis, our analysts have noted a few major trends in the cyber insurance market:

  1. Cyberattacks are on the rise, with attacks becoming more frequent and losses becoming more severe.
  2. Ransomware accounts for a higher proportion of losses, with the ransoms costing victims a whopping $2.2 million in 2022, more than doubling in cost since 2020. In 2022, there were major ransomware attacks on Nvidia Corp, a graphics card manufacturer, Samsung, a major electronics manufacturer, and even Microsoft, a multinational technology corporation that produces computer software.
  3. The cyber insurance market is predicted to grow at a compound annual growth rate (CAGR) of 12% from 2020 to 2025, reaching $14 billion. This growth is being driven by an increase in awareness of cyber risks and the growing number of data breaches.
  4. The average cost of a data breach is expected to increase from $3.86 million in 2020 to $4.27 million by 2025. This increase is driven by the growing sophistication of cyberattacks and the increasing costs associated with recovery and business interruption.
  5. The majority of cyber insurance policies are sold through brokers, with nearly 60% of cyber insurance policies being brokered in 2020. This trend is expected to continue as brokers provide valuable guidance to policyholders in choosing the right cyber insurance policy for their needs.
  6. The number of companies that have a cyber insurance policy has increased by 20% in 2022. This acknowledges the environment of increased cyber risk.
  7. Premiums for cyber insurance have increased the most for midsize and large companies, with estimated premiums rising by over 80% for this market segment.
  8. In some high-risk sectors, insurers are reducing their exposure by lowering coverage limits or removing coverages, and by placing lower limits on ransomware payouts. Industries where insurers have reduced their exposure include health care and education.
  9. Some insurers have been reducing their cyber risk exposure by adding more restrictive policy terms and including additional exclusions to their cyber and non-cyber policies.
  10. With the rise in remote working post-pandemic, the use of public clouds creates new cyberattack vulnerabilities.

What does cyber insurance cover?

Cyber insurance covers financial losses from data breaches, hacking, viruses, denial of service attacks, and other similar cyber events. Cyber threats such as social engineering fraud and phishing may be covered by a cyber policy, depending on the insurer. Cyber insurance has two major components: third-party liability coverage and first-party coverage. 

First-party coverage protects your company when you incur expenses from a data breach or when your company is hacked.

Third-party coverage provides protection when a customer, vendor, partner, or other party sues you for allowing a data breach to happen. You may choose to purchase either or both types of coverage.

First-Party Coverage

First-party coverage provides protection against the financial losses your business incurs due to a data breach, hack, or other cyber event.

Data Breach

First-party coverage can provide for the costs of responding to and recovering from a data breach. These costs can include:

Data Recovery

If your company’s electronic data is lost, damaged, or corrupted due to a hack, virus, or denial of service attack, you can be covered under first-party coverage. This coverage also extends to data belonging to others stored on your systems.

First-party coverage will reimburse your company for the costs to restore or recover the lost or damaged data, as well as the costs to hire consultants to help you restore or repair your data.

Business Interruption

Business income insurance, also known as business interruption insurance, is also available on many cyber insurance policies. A typical business income insurance policy that is attached to a commercial property policy only covers perils that cause physical damage. Usually, commercial property coverages do not provide coverage for electronic data.

If the loss or destruction of data leads to a disruption in your ability to do business, this coverage can pay for the loss of business income your business experiences.


First-party coverage can also cover cyberextortion. If your business is threatened with damage to your computer systems or networks unless you pay a ransom, this insurance can provide coverage.

First-party coverage can also provide coverage for the money you spend to respond to the extortion demand, in addition to any ransom you pay. The insurer’s consent is usually required before you pay these expenses.

Third-Party Liability Coverage

The third-party liability coverage provided by cyber insurance provides protection against lawsuits filed by clients or others against your business as a result of a breach of their security or privacy. These lawsuits can accuse your business of failing to adequately protect data you possess that belongs to customers, employees, vendors, or others.

Some of the claims and costs that third-party liability may cover include:

What are the most frequent cyber insurance claims?

The most frequent causes of cyber insurance claims are hacking, ransomware, phishing, and employee negligence. Having cyber insurance can protect your business against the financial consequences of some of these common cyber threats.

Hacking claims account for some of the most common cyber insurance claims. If a hacker breaks into your company’s computer network and steals data, your company may be liable for a variety of costs to recover from and mitigate the damage from the hack. These costs may include forensic services to determine the cause and extent of the hack, legal costs to defend against third-party lawsuits related to the hack, notification and credit monitoring services for affected individuals, public relations costs, and regulatory fines and penalties.

Ransomware attacks occur when malicious software is installed on your company’s systems and your company’s data or critical software is threatened unless you pay a ransom. In these cases, cyber insurance can pay for the costs of the ransom so that your company’s data or systems can be recovered. Many cyber liability policies provide very limited coverage for ransomware or cyber extortion attacks, with coverage sublimits as low as $25,000, even when the cyber liability policy has a much higher total limit.

Phishing attacks induce your employees to disclose passwords or other login credentials to hackers. These attacks can happen when employees click on malicious links embedded in emails or on the web. They can also occur over the phone when your employees are tricked into disclosing passwords or other sensitive information. With phishing attacks, criminals can log into your company’s systems and steal data or conduct unauthorized financial transactions.

Employee negligence claims can arise from something as simple as an employee losing a laptop that contains sensitive customer or employee data. In the case of employee negligence, your company could be liable for lawsuits related to lost data, notifying affected individuals and providing them with credit monitoring services, public relations costs, and fines and penalties.

Purchasing Cyber Liability Insurance

There are a variety of insurers and brokers in the market, and it may be difficult to sort through all of the options. AdvisorSmith analyzed a variety of cyber policies and determined the best cyber insurance companies for small businesses. To determine the best cyber insurers, AdvisorSmith considered a number of factors, including financial strength ratings from AM Best and Standard & Poor’s, customer satisfaction data from several J.D. Power studies, complaint ratings from the National Association of Insurance Commissioners, available features and options, and availability of information and ease of use of the insurers’ websites.

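| Rank | Company | AdvisorSmith Rating |
|------|---------|---------------------|
| 1 | Hiscox | 4.9 / 5.0 |
| 2 | Chubb | 4.8 / 5.0 |
| 3 | The Hartford | 4.7 / 5.0 |
| 4 | AIG | 4.7 / 5.0 |
| 5 | CNA | 4.6 / 5.0 |
| 6 | Arch | 4.5 / 5.0 |
| 7 | Hanover | 4.5 / 5.0 |
| 8 | Intact | 4.4 / 5.0 |
| 9 | Beazley | 4.3 / 5.0 |
| 10 | Axis | 4.3 / 5.0 |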

Final Word

As ransomware and cyberattacks hit businesses at an ever-increasing pace, the cyber insurance market continues to adapt and change with the growing risks. The impact on businesses is now evident in premium increases and reduced coverage, but it will be interesting to see what is in store for the rest of the year.



Expert Commentary

AdvisorSmith spoke with the following experts to provide critical insight on cyber insurance for business owners.

Nick Nikiforakis

  • Associate Professor of Computer Science
  • Stony Brook University

John Nicholas

  • Professor of Computer Information Systems
  • The University of Akron

Michael McShane

  • Professor of Risk Management and Insurance
  • Old Dominion University

Anne Kleffner

  • Professor and Chair, Risk Management & Insurance
  • University of Calgary

Bill Barge

  • Associate Professor, Computer Science and Information Technology
  • Trine University

Q. Where do you see the cyber insurance market trending, and what are the main insurability challenges?

Q. Should small businesses be concerned about cyber risk?

Q. How can a business effectively organize and manage cyber risk?
