How Much Cyber Insurance Should I Buy?

cyberHow Much Cyber Insurance Should I Buy?

How Much Cyber Insurance Do I Need for My Business?  How much is enough when it comes to cyber?


Cyber insurance is a unique form of insurance protection that will cover the insured for:

First-party claims – meaning damages they suffer directly as a result of a cyber event such as damage to hardware, software, and data; cybercrimes; business interruption, extortion, notification costs and more.


Third-party claims – meaning liability claims when third parties sue the insured.  Common examples are network security liability, privacy liability, media, fines and penalties.

In addition, most cyber policies on the market today will include pre-breach risk control services as well as post-breach services to help you immediately respond to a claim or threat.

Now, back to how much coverage is the right amount of coverage?


There are three ways to help determine the right amount of coverage you should buy.

  1. The first is to go to the Net-Diligence Data Breach Calculator. That can be found here:  Net-Diligence is a cyber risk consulting firm and they have created this calculator to help determine what potential claim costs could be based on the number of records and types of records your firm may have exposed in a breach.  While the resulting costs are estimates, the calculator does give a good estimate of what a company’s claim costs could be in the event of a breach.  I recommend assuming a worst-case scenario.


  1. There are a few sources of insurance limits benchmarking that can provide a buyer some ideas of what their peers are buying in terms of limits for certain forms of coverage, and cyber is one of them.  The idea here is that if you know that firms in your industry, which are of similar size are buying a particular limit of coverage then you can parallel your decisions to the peer group.  Typically you’ll get benchmarking figures from your broker.


  1. Your budget. At the end of the day, your budget will dictate how much limit of coverage you can afford.  I don’t recommend skimping, but rather be realistic.  In fact, combing information you learn from the first and second recommended methods and seeing how close you can get to that with your budget makes sense.

When you ask your broker for a quote on cyber insurance, ask to see options.

If you’re a small business ask to see limits of $1M, $2M, and $3M.  if you’re a larger business and the Breach Calculator is indicating limits over $3M then ask for a range of quotes.  This will help to make a more informed decision regarding coverages, limits, and costs.

To wrap it up, I will say that in my experience most business owners under-estimate what a cyber event may cost them.

I get it.  If you’ve never been through a breach, hack, or ransomware event, how would you know what to expect or what the costs are to stopping the event, unraveling it, and paying for experts like forensics, tech services, lawyers, potential fines, and penalties, notification costs, potential liability suits and more.

The bottom line is that cyber events are costly – very costly.  If you think $1m of coverage is enough, buy up to $2M.  if you think $5M is enough, price out limits to $10M so you know what the costs are and what your budget may support.  I’ve never had a client sorry that they had more coverage than they needed following a serious claim, and most all cyber events are serious.

The wild card when it comes to cyber is the extent to how far damages may extend in both direct and consequential damages, which is why I recommend higher limits to safeguard against that unknown.

Have unresolved questions or issues regarding cyber insurance, or any other business insurance issue?

Why not reach out by email or phone and let’s chat.  I love helping out business owners and welcome the chance to speak with you.

Leave a Comment