All organizations, regardless of size, take on some cyber risk in today’s heavily connected world. Cyber liability insurance, along with a robust plan for preventing and reacting to cyber events, helps you stay ahead of online threats. Learn more about cyber risk management and what kind of cyber liability insurance is right for your organization.

Understanding Cyber Liability Insurance

1) What is Cyber Liability Insurance?
2) Why is it important?
3) How much does it cost?
4) What does it cover?
5) What should I look for in Cyber Liability Coverage?
6) Does my small business need Cyber Liability Insurance?
7) What is wire transfer fraud?
8) Expert insights (video library)
9) Cyber Security Best Practices
10) Glossary

What is Cyber Liability Insurance?

Cyber Liability Insurance protects your business from the significant costs that can follow from falling victim to a data breach or a cyber crime, the same way general liability or commercial property insurance protects you in case of a personal injury claim or a theft or break-in.

Why is Cyber Liability Insurance important?

Cyber Liability Insurance is important because cyber crime is widespread and has costly ramifications.

  • 60% of small businesses that suffered a successful cyber attack close permanently within 6 months.
  • 50% of all cyber attacks are against small to mid-sized businesses.
  • 1 in 3 data breaches occurs at a business with fewer than 100 employees.
  • The average cost of a data breach for small businesses ranges from $120,000 to $1.24 million

Back to the top

How much does Cyber Liability Insurance cost?

The cost of Cyber Liability Insurance depends on your business’s level of risk. Determining factors include:

  • Your industry
  • Your current level of security and protection
  • What types of sensitive information you collect
  • How sensitive information is stored
  • Whether employees have remote access to your system

Request a quote to find out how much Cyber Liability Insurance your business needs.

Back to the top

What does it cover?

A cyber attack can result in a number of large, unforeseen expenses. Cyber Liability Insurance can cover the cost of these consequences, including:

  • Incident investigation
  • Regulatory fines, penalties, and expenses
  • Customer notification about a data breach
  • Legal fees and expenses related to litigation
  • Recovery of lost or stolen data
  • Cost of paying ransomware demands
  • Restoration of damaged computer systems
  • Credit monitoring services for affected users

What type of risk isn’t covered?

There are some occasional or related risks of cyber attack that Cyber Liability Insurance generally doesn’t cover. These include:

  • Property damage
  • Lost income past a certain point
  • Lost equipment

Back to the top

What should I look for in Cyber Liability Coverage?

Cyber Liability Insurance is evolving to meet the varied needs of small businesses. Coverage can now be purchased “a la carte,” meaning you, as the business owner, can purchase the specific kind of coverage you need the most while remaining within your budget. Once you and your insurance advisor have determined your level of risk, you can work together to find a policy that works for your business.

Back to the top

Does my small business need Cyber Liability Insurance?

54% of small business owners think they’re too small to be targeted. But unfortunately, that’s not true. Attacks on large companies make the headlines, but small-to-mid-sized enterprises have less cyber infrastructure and therefore have greater vulnerabilities to hackers. Over 40% of cyber attacks are against organizations with fewer than 250 employees

Any company that stores sensitive customer information such as addresses, emails, credit cards, and other information is at risk and would benefit from a Cyber Liability policy.

Back to the top

What is Wire Transfer Fraud (aka Social Engineering)?

Wire transfer fraud (also referred to as social engineering) is the use of psychological manipulation to get people to divulge private information online. This usually happens when a scammer poses as someone trustworthy via email or other electronic communication – often as a friend, a business colleague, a vendor, or a client – then requests a transfer of funds or the necessary information to do so.

Back to the top

Expert Insights and Key Concepts in Cyber Security


Why Implement Multi-Factor Authentication?


What Is Ransomware and How Do You Deal with It?


What Is Wire Transfer Fraud (aka Social Engineering)

Back to the top

Cyber Security Best Practices

  • Beware of app permissions – only give permissions to the applications that need them; don’t be afraid to deny permissions to apps.
  • Install antivirus software on all devices.
  • Always lock your devices, especially when you will be leaving that space for a while; it is unlikely an attacker will know your password and be able to gain access to your data.
  • Passwords – the more complex, the better. Especially in terms of length; you may even want to think of a sentence for a password, as it is easier to remember.
  • Ensure the URLs of sites you visit include HTTPS and a lock icon in the corner.
  • Multi-factor authentication (what you know, what you have, and what you are) = stronger protection.
  • Phishing emails rely on quick/incredible deals and a call to action to get you to make a thoughtless decision. Slow down and think: if it sounds too good to be true, it probably is.
  • Links in emails can be spoofed: double check links by hovering over the URL.
  • It is important to keep your system updated, as this will often fix bugs, patch vulnerabilities, and keep your system optimized.
  • Never let someone else access sensitive data unless they are explicitly authorized, and they know the guidelines around the handling of that data.
  • Customer’s data should be protected and stored in a secure location, in which the data is encrypted, or password protected.
  • Customer information that is no longer needed should be shredded/thoroughly erased.
  • Conduct security awareness training with all employees.
  • Store backups in a safe, secure environment and keep redundant copies offsite.
  • Test those backups regularly and make sure you can easily and quickly restore files.
  • Require dual signature authorization for transferring money over a certain threshold.
  • Install both external and internal firewalls.

Back to the top

Glossary of Cyber Liability terminology

Application Whitelisting – This is the practice of authorizing only a specific set of software applications and application components to run on an organization’s system. Any application that isn’t whitelisted is prevented from running. This prevents most malware from being able to execute on a system, as it is not permitted to do so.

Asset Inventory – A list that shows all IT hardware and devices an organization owns, operates, or manages. This is mostly used to see what security measures are in place and how the data is being held, which is directly correlated to assessing one’s risk.

Custom Threat Intelligence – Analysis of data from open-source intelligence and sources from the dark web to provide organizations with intelligence on cyber threats and actors. This is used to prevent, prepare, and identify cyber threats that are relevant to the organization.

Database Encryption – This is the safe storage of sensitive information by converting it into code to prevent unauthorized access. This can be used to prevent malicious actors from being able to read the data if they do end up gaining access to the database.

Data Loss Prevention – Specific software that can detect if data is being exfiltrated from a network or system. This is important, as it ensures their most sensitive data and assets are secured.

DDoS –  A DDoS (distributed denial of service) attack is one that targets a network by attacking nodes within it, thus blocking incoming traffic to websites. These attacks can shut down a website entirely, affecting the business directly.

DDoS Mitigation – A solution used to filter out malicious traffic relating to a DDoS attack, while allowing users to continue to access the entity’s website or web-based services.

DMARC – This stands for Domain-based Message Authentication, Reporting and Conformance. This is an email authentication, policy, and reporting protocol. Using this identifies spoofed phishing emails by validating the sender’s identity.

DNS Filtering – A technique used to block access to known bad IP addresses by users on the network. This ensures that company data remains secure and allows organizations to have control over what their employees can access on their network.

Email Filtering – Software that scans an organization’s inbound and outbound email messages, then organizes them into categories. This is used to filter out spam and other malicious content.

Employee Awareness Training – Training that increases employees’ security awareness. This is vital to organizations of all kinds, as a human firewall is equally, if not more important, than a computerized one. This training can be generalized information, or focus on specific topics, like phishing emails.

Endpoint Protection – Software that uses behavioral and signature-based analysis to identify and stop malware infections. When organizations ensure endpoint compliance with data security standards, they can maintain greater control over the types and amount of access points to the network. Endpoints are remote computing devices that communicate back and forth with a network to which they’re connected. Some examples are desktops, laptops, phones, etc.

Incident Response Plan – An action plan for dealing with cyber incidents. This helps guide an organization’s decision-making process and can assist in returning the network to a normal operating state as quickly as possible. Basically, this safeguards your organization from a potential loss of revenue due to downtime of the network.

Intrusion Detection System – Monitors activity on computer systems or networks and generates alerts when signs of compromise by malicious actors are detected. This can be used to help analyze the quantity and types of attacks on an organization in order to change the organization’s security systems or implement more effective controls.

Mobile Device Encryption – Encryption that scrambles data in such a way that it can only be read by someone with a special key. This is used for mobile devices, such as phones and laptops. This ensures that, even if lost or stolen, the data is still secured.

Network Monitoring – A system that monitors an organization’s network for performance and security issues. This assists in pointing out the exact location of network problems or proving that the network is not the issue.

Penetration Tests – Authorized simulated attacks against an organization to test its security defenses. This is also referred to as ethical hacking. These tests can help test security controls, find real-world vulnerabilities, ensure compliance, and reinforce security posture.

Perimeter Firewalls – Hardware solutions used to control and monitor network traffic between two points according to predefined parameters. Its goal is to prevent unwanted or suspicious data from entering or exiting the network, as it can filter both internal and external traffic.

Phishing – This is when an attacker, hoping to gather personal and confidential information, sends an electronic communication (email, text, etc.) asking for sensitive data.

Security Info & Event Management – System used to analyze network security information generated by different security solutions across a network. This makes it easier for organizations to manage security for massive amounts of security data by prioritizing security alerts the software generates. This also detects incidents that may otherwise be undetected.

Spoofing – This is when an attacker first steals the identity of a real-time user, and then contacts the user for personal and sensitive information. Both phishing and spoofing have the same end result, information stolen.

Vulnerability Scans – Automated tests designed to examine systems or networks for the presence of known vulnerabilities that would allow malicious actors into the system. Doing this may prevent attacks that would have happened if left unattended.

Web Application Firewall – This protects web facing servers and the applications they use from intrusion or malicious use by inspecting and blocking harmful requests and internet traffic. This is done by adhering to a set of policies that help determine what traffic is malicious and what is safe.

Web Content Filtering – Filters certain web pages or services that may pose a potential security threat to an organization. This is important as it reduces malware infections, protects against exploit kits, and minimizes company liability, among other things.

Back to the top