Cybersecurity Insurance

No business, large or small, is immune to cyber incidents. Cybercriminals launch cyberattacks at scale, targeting thousands of small organizations and their devices in search of cybersecurity weaknesses, such as lack of encryption, poor password management, or employees who click on a phishing email. Addressing such weaknesses is part of the basic cybersecurity hygiene that keeps organizations secure online.


Typically Included in the Policy

Cybersecurity insurance generally covers your company’s liability in the event of a network security failure resulting in:

First-Party Expenses: This category includes costs that organizations would ordinarily have to pay to mitigate losses related to a data breach or privacy incident. Examples of first-party expenses are:


  • Incident response and digital forensics services
  • PR services to manage reputational damage caused by a breach
  • Notification to affected parties
  • Other expenses involved with directly responding to a cyber incident.

Cyber Crime Costs: This category deals with financial losses resulting directly from criminal activity. An example is the theft of funds as a result of digital fraud.

Cyber Extortion: Ransomware attacks are a prevalent form of cyber extortion.

Liability Implications: Legal fees and regulatory fines comprise typical liability costs.

Third-Party Expenses: This category covers costs associated with defending liability claims and/or fines and penalties assessed by regulating authorities. Examples include:


  • Legal fees to defend lawsuits against the company
  • Fines for violating HIPAA regulations.

A data breach involving sensitive customer information (e.g., health records, Social Security numbers, credit card numbers)

Malware infection

Social Engineering: Phishing and spear phishing campaigns are types of social engineering.

Business Interruption: Losing revenue from downtime caused by a cyber incident constitutes business interruption.

Virus Transmission: End-to-end coverage applies from discovery to removal of a virus, even if the virus spreads before being removed.

What can Cybersecurity Insurance do for businesses?

Get access to cyber security experts and go to the Cyber Resource Center for more information. Mitigate financial losses from a cyber incident. Fulfill contractual obligations.

How do I evaluate my risk?

Assess what type of sensitive information you and your company collect, such as payment information, personal identification information or protected health information. This type of data in particular is a common target of cyber incidents. Also consider whether your employees use their own devices at work and how much the business relies on confidentiality.

A periodic vulnerability scan should be performed. Call for information.

What is multi-factor authentication (MFA) – Why is it important?

Multi-factor authentication, or MFA, protects your applications by requiring a second source of validation before granting access to users. Common examples of that second source include personal devices, such as a phone or token, or geographic or network locations.

What is a cybersecurity risk profile?

A cybersecurity risk profile shows insurers exactly what your current situation is regarding cybersecurity and protection, so they have a good idea of your vulnerabilities and what you might be more likely to claim for. It might also include a list of potential expenses you would incur if you were the victim of a cyberattack, and any related service costs for third parties, such as outsourced investigations and data/network services.
