The average cost of cyber insurance in the U.S. is about $1,501 per year, or about $125 per month. According to recent reports, the U.S. is the country most frequently targeted by cyber attacks. Companies in the U.S. spend almost $4 million on average to respond to data breaches, according to IBM. For small businesses, the cost averages around $36,000 to recover from a data breach, according to First Data. For small and midsize businesses, the cost rises to an average of $86,000, as reported by Kaspersky.
AdvisorSmith conducted a study using quote estimates and rate filings from over 50 insurance companies nationwide and found premiums ranging from $544 to $2,632 for cyber insurance, based upon companies with moderate risks. These premiums were based upon liability limits of $1,000,000, with a $10,000 deductible, and $1,000,000 in company revenue.
- Average Cost of Cyber Insurance
- How does coverage level affect cyber insurance costs?
- Other factors that influence your cyber insurance rate
- What are the most frequent cyber insurance claims?
Average Cost of Cyber Insurance
The average cost of cyber insurance is $1,501 per year in the U.S. The cost of insuring your business against data breaches and hacking attacks varies based upon the nature and size of your business, as well as the state in which your business is located. For example, the average cost in Michigan was $1,233 for our example scenario, while similar coverage in California was $1,594. Below, we list the average cost of cyber insurance in each state, along with the difference between the state average and the national average.
| State | Average Cost of Cyber Insurance | Difference from National Average |
| --- | --- | --- |
| District of Columbia | $1,536.00 | 2.28% |
Besides the location of your business, a number of other factors can greatly affect the premiums that you pay for cyber insurance. Insurance companies will take into account the nature of your business, the number of sensitive employee and customer records you store, whether your business stores credit card and banking information on your customers, and the types of security defenses your company has undertaken. Additionally, if your company has a history of cyber insurance claims or if it has been attacked or hacked in the past, your premiums may be higher.
How does coverage level affect cyber insurance costs?
In addition to the nature of your business, location, and claims history, a major factor in determining your insurance premium will be the level of coverage that you choose. The higher the limits of your cyber coverage, the higher your premiums will be. However, additional coverage usually costs less per dollar of coverage compared with the base coverage. For example, the first $250,000 of coverage costs an average of $739 in our example below, while the next $250,000 of coverage only costs an average of $407, for a total cost of $1,146.
In the following table, we show how the average annual premium changes for different levels of coverage with varying deductibles, based upon a business with moderate risk in the state of Connecticut. To create this table, we used quotes and rate filings from major insurance companies in Connecticut. Actual premium prices would vary depending upon the type of business, location, and claims history.
| Cyber Liability Limit | Deductible | Average Annual Insurance Premium |
| --- | --- | --- |
Choosing the appropriate level of coverage for your cyber liability insurance is an important decision for your business. The premium should be affordable for your business, but the liability limit should also be high enough that, in the event of a data breach or hack, you may be able to avert financial disaster.
Other factors that influence your cyber insurance rate
How Your Deductible Affects Cyber Insurance Costs
A cyber insurance deductible is the amount of a loss that your company is responsible for in the event of a covered hack, data breach, or other event covered by your cyber liability insurance. A typical deductible for a $1 million policy could be $10,000, but you are free to choose higher or lower deductibles depending on your company’s situation. Choosing a lower deductible means you’ll pay less in the event of a breach, but it also means your premiums will be higher. When choosing your deductible, you should consider the impact of a loss on your business, and the amount of losses you’d be able to absorb in the event of a breach or cyber event.
How the Type and Size of Business Affects Cyber Insurance Costs
Many insurance companies base their cyber insurance rates on a business's revenues. Generally, the larger a company’s revenues, the higher its premiums will be compared with a similar company with lower revenues. A few insurance companies use the number of employees to determine a company’s premiums, with more employees leading to higher premiums.
In addition to company size, the type of business that a company is in has a large impact on the premiums that a company pays. Most insurance companies segment businesses into different tiers of premiums based upon the type of business. Companies that do not store much third-party information and don’t have many data records usually have the lowest cyber insurance premiums. For example, a small manufacturing company with only a few clients would have very little customer information that would be affected in the event of a data breach.
Companies with moderate risks might have larger amounts of data on customers, but may not necessarily store highly sensitive customer information. A moderate-risk company might be a retail store that accepts credit card transactions in its store. These types of companies will have higher premiums than low-risk companies.
The highest tier of risk would be companies that store sensitive information such as social security numbers, dates of birth, or other financial or personal information. Examples include professional services organizations such as accountants, medical offices, and apartment buildings. These companies would pay the highest premiums for their cyber insurance.
How the Number of Sensitive Records Affects Cyber Insurance Costs
In addition to the revenue, size, and type of business, many insurers will ask for the number of sensitive records stored by an organization, as well as the number of financial or credit card transactions processed by your company. Usually, the higher the number of sensitive records or financial transactions stored, the higher your company’s insurance premiums will be.
How Security Measures Affect Cyber Insurance Costs
When applying for cyber insurance, many insurance companies will ask you to complete an assessment of your company’s existing security measures. The more security measures your company has put into place, the lower the insurance premiums for cyber insurance will be.
Some of the security measures that your company could take include hardware and software network security, data loss prevention procedures, multi-factor authentication, and encryption. Insurance companies are also interested in whether your company patches software vulnerabilities on a regular basis and whether it uses third-party firms for security assessments and audits. Other steps your company could take include encrypting data and monitoring vendors who have access to your computers and data systems.
What are the most frequent cyber insurance claims?
The most frequent causes of cyber insurance claims are hacking, ransomware, phishing, and employee negligence. Having cyber insurance can protect your business against the financial consequences of some of these attacks.
Hacking claims account for some of the most common cyber insurance claims. If a hacker breaks into your company’s computer network and steals data, your company may be liable for a variety of costs to recover from and mitigate the damage from the hack. These costs may include forensic services to determine the cause and extent of the hack, legal costs to defend against third-party lawsuits related to the hack, notification and credit monitoring services for affected individuals, public relations costs, and regulatory fines and penalties.
Ransomware attacks occur when malicious software is installed on your company’s systems and your company’s data or critical software is threatened unless you pay a ransom. In these cases, cyber insurance can pay for the costs of the ransom so that your company’s data or systems can be recovered. Many cyber liability policies provide very limited coverage for ransomware or cyber extortion attacks, with coverage sublimits as low as $25,000, even when the cyber liability policy has a much higher total limit.
Phishing attacks induce your employees to disclose passwords or other login credentials to hackers. These attacks can happen when employees click on malicious links embedded in emails or on the web. They can also occur over the phone when your employees are tricked into disclosing passwords or other sensitive information. With phishing attacks, criminals can log into your company’s systems and steal data or conduct unauthorized financial transactions.
Employee negligence claims can arise from something as simple as an employee losing a laptop that contains sensitive customer or employee data. In the case of employee negligence, your company could be liable for lawsuits related to lost data, notifying affected individuals and providing them with credit monitoring services, public relations costs, and fines and penalties.