Skip to content

Insurance

Cyber Insurance: Protecting your Business from Rising Digital Threats

← All articles
Filed under Insurance

In the last year, cyber criminals delivered a wave of cyber-attacks that were highly coordinated and far more advanced than ever before. Simple endpoint attacks became complex, multi-stage operations. Ransomware attacks hit small businesses and huge corporations in equal measure. It was a year of massive data leaks, expensive ransomware payouts, and a larger, more complicated threat landscape. Cyber criminals have upped their game in a big way.

Cyber attacks have become the new norm across public & private sectors. This sketchy industry continues to grow and IoT cyber-attacks alone are expected to double this year. The Internet of Things (IoT) describes the network of physical objects that are embedded with software, sensors, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet. IoT is not just computers and cell phones anymore: security systems, cars, Echo, Fitbit, Airtag, watches, thermostats, lights, TV's, smart appliances and more... anything connected to the internet could be a potential entry point for a creative and determined hacker.

According to the Identity Theft Resource Center (ITRC), nearly three-quarters of US small business owners reported a cyber-attack last year, with employee and customer data most likely to be targeted in data breaches. A cyber attack on average costs businesses of all sizes $200,000. This high cost leads to roughly 60% of small businesses folding within 6 months of a cyberattack. For companies that can weather the storm, the costs associated with a cyber-attack typically stretch out 3 years or more.

Cybercriminals use advanced ransomware tacƟcs, AI, and deepfakes to improve their targetng capabilities. The introduction of generative AI is a huge problem for businesses. AI tools will help cyber criminals develop extremely convincing emails and telephone calls to evade detection of their social engineering campaigns making employees particularly susceptible.

The human element is the weakest link in cybersecurity, but it is also the most important. Small business owners are so busy that they often don’t take the necessary time to closely train, educate or supervise their employees. That leads to employee negligence which can leave businesses vulnerable to cyber-attacks. In fact, the vast majority of cybersecurity breaches are due to human error with the attack typically beginning as a phishing email sent to an unsuspecting employee.

Whether you are a large global company, a startup, or anywhere in-between, you face cyber risk simply because you use technology to do business. As technology becomes more complex, so does the cyber threat landscape. Every business needs to have an appropriate level of cyber liability insurance and an effective cyber security plan.

The cost of cyber insurance is typically based on annual revenue, claims history, number of clients, number of records, type of data & sensitive information stored.

Cyber insurance can help protect your business against losses resulting from a cyber-attack. Make sure coverage includes the following:

• Data breaches (incidents involving theft of personal information).
• Cyber attacks (breaches of your network).
• Cyber attacks on your data held by vendors or other third-parties.
• Cyber attacks that occur anywhere in the world (not just the US).
• Breach Hotline that's available every day of the year, 24 hours a day.
• "Duty to defend" wording (defend you in a lawsuit or regulatory investigation)

If you feel safe because you bought an endorsement to your E&O policy that provides some cyber or tech coverage, you need to read and fully understand the coverage. Endorsed E&O policies typically provide limited third-party coverage, and you may be very disappointed to find that your policy does not provide any first-party coverage when you file a claim.

First-party liability coverage typically protects your data including employee and customer information. This coverage includes costs related to:

• Legal counsel to determine your notification and regulatory obligations
• Recovery and replacement of lost or stolen data
• Customer notification & call center services
• Lost income due to business interruption
• Crisis management and public relations
• Cyber extortion & fraud
• Forensic services to investigate the breach

Third-party liability coverage generally protects you from liability if a third-party brings claims or lawsuits against you. This coverage typically includes:

• Payments to consumers affected by the breach
• Costs for litigation and responding to regulatory inquiries
• Claims and settlement expenses related to disputes or lawsuits
• Losses related to defamation and copyright or trademark infringement
• Accounting costs
• Other settlements, damages, and judgments

An oversimplified example using something we all know is auto insurance. Whenever you drive your car, you are under one of the following scenarios for an at fault accident: no insurance, liability only, or full coverage.

1) No Insurance: You are paid nothing and the person you hit is paid nothing. You suffer out of pocket costs for everything.
2) Liability Only (for example – an older, high mileage, low value car):
Your insurance pays the person you hit for their injuries and damages, BUT you suffer out of pocket costs
for all your injuries and damages. This is an example of third-party liability coverage.
3) Full Coverage (for example – a nice, well-maintained car with value):
Your insurance pays the person you hit for their injuries & damages, AND your insurance pays for your
injuries and damages. This is an example of third-party liability PLUS first-party liability coverage.

When it comes to protection from costs associated with cyber-attacks, your business is operating under one of the same 3 scenarios... completely uninsured, liability only, or full coverage. What type of "car" are you driving when it comes to your cyber coverage?

Connect with one of our Insurance Experts to discuss your company's appropriate cyber coverage amount and an effective cyber security plan.

Found This Useful? Let's Get You Set Up.

Start an application and an expert will tailor the next steps to your situation.

Related reading

May 2026

Newsletter

May 2026

COLORADO AI DECISIONING LAW REPLACED Colorado Governor Jared Polis signed Senate Bill 26-189 on May 14, 2026, repealing and replacing the state's earlier AI law with a narrower framework governing automated decision-making technology used in consequential decisions. Effective January 1, 2027, the law applies when automated tools materially influence decisions involving consumer access, eligibility, pricing, [...]

April 2026

Newsletter

April 2026

NY BNPL LICENSING FRAMEWORK ADVANCES WITH DETAILED REQUIREMENTS Following earlier movement to regulate Buy Now, Pay Later products, New York regulators are now advancing a proposed rule that outlines how the framework would operate in practice. The rule would require most BNPL providers to obtain a state license and comply with detailed requirements covering disclosures, [...]

15 Licensing Application Process Facts That Delay Approvals

Compliance

15 Licensing Application Process Facts That Delay Approvals

Most licensing delays come from small misses. A payment method that does not work, a stale certificate, the wrong signature, a missing ownership detail. These are the things that slow down filings, trigger deficiencies, and force teams to redo work they thought was finished. We pulled these from the webinar because they came up naturally [...]

Cyber Liability Insurance- What Does it Cover?

Insurance

Cyber Liability Insurance- What Does it Cover?

Understanding Cyber Liability Insurance Coverage By now, you've heard the reports and fallout from the recent breach of millions of consumer records from a medical billing agency. Suddenly, those seemingly distant stories of hackers and cyber-crime have hit much closer to home in the ARM industry. Whether the incident is a record breach or a [...]

How Will a Supreme Court Shift Impact the Collection Industry?

Licensing

How Will a Supreme Court Shift Impact the Collection Industry?

As Kavanaugh Looks to Replace Kennedy on the Supreme Court, What Will be the Impact on the Collection Industry? By Caren D. Enloe (originally posted on Minnlawyer.com) When news broke that Justice Kennedy would be retiring after a thirty-year career as the swing vote on an increasingly partisan Supreme Court, attention immediately focused on who [...]

Do You Have a Fully Developed Cybersecurity Approach?

Licensing

Do You Have a Fully Developed Cybersecurity Approach?

People, Processes, and Computer Technology: Three Essential Parts of Your Security Program to Protect Non-Public Personal Information. Introduction: Information Security is a Program, Not a Product "If you think security is a technology problem, then you don't understand the problem, and you don't understand technology."- Bruce Schneier, Computer Security Professional. Every "financial institution" (including third-party [...]

Browse the full insights library, meet our editorial team, or download our whitepapers.

Insights

Found This Useful? Let's Get You Set Up.

An expert will respond within one business day.