Why do you need Cyber Liability Insurance?

If you collect any sort of personal or company information, have a “login” feature on your site, integrate with another company’s systems in any way, have clients who rely on your programs or software in their operations, have employees who could fall for a phishing scam, generate online content such as blog posts or even simply rely heavily on email communications, you need cyber insurance.

Cyber - 4m

The average total cost of a data breach in 2016 was $3.6 million and the average cost per individual record that was lost was $141 (IBM).


Criminals are only responsible for a portion of these data breaches. IBM and Ponemon determined that more than half of all data breaches in 2016 were caused by mistakes! 28% can be attributed to human error and 25% to system glitches.

Cyber -87%

87% of cyber claims come from companies with under $2B in revenue, according to one NetDiligence report.

A typical data breach involves the failure of a security feature or unauthorized access to an entire database. This means that thousands of users’ data will be compromised rather than just a handful. It’s pretty easy to see how a breach of this nature opens your company up to more than just a simple lawsuit. More realistically, you’ll be looking at a class action suit. These are a whole lot more expensive to defend against.

What is Cyber Liability Insurance?

Cyber liability insurance is designed to protect companies against lawsuits from third parties and fines and penalties from regulators. The goal of these policies is to address the risk exposure created by various electronic activities, the most common of which being the collecting or storing some kind of PII.

This is a relatively new type of policy and the coverage available seems to grow every year. In the past, a policy might have only protected you against lawsuits from victims and fines from government agencies. Now policies are expanding to capture some of the other expenses.

Today it is not unusual to find policies that will pay for crisis management consultation, forensic investigation into the source of the breach, guidance in public messaging from a PR firm and notification and credit monitoring services for affected users. If your system or software has been compromised, data restoration services can be costly — cyber policies can pay this bill after a covered loss. Last but not least, the right insurance product will reimburse you for income lost and payroll spent during the time when your systems were down and you were unable to operate.

Some newer policies even include coverages like dependent business income (for when your service provider suffers an attack and you lose money as a result) and social engineering (e.g. spear phishing).

As soon as a single PII record is compromised, various state and federal privacy laws will kick in to make sure you play by the rules and take responsibility for the lost data. But this policy isn’t just about paying the cost of a legal defense.

Having a cyber insurance policy in place means that, if the worst does happen, you’ll have a crisis management partner who will walk you through what you need to do to minimize the financial impact to you and the broader impact to the people and organizations affected.

Get a Cyber Insurance Quote

What does Cyber Liability Insurance cover?

You will have to consult your policy documents to confirm exactly what coverage your Cyber insurance provides but here are a few scenarios that typically would and would not be covered. You can read more about what cyber insurance covers here.

Many policies cover losses caused by damage, theft, disruption or corruption of your electronic data. They also cover damage or theft of data stored on your computer system that belongs to someone else. For a loss to be covered, it must result from something like a hacker attack, a virus, or a denial of service attack. The policy generally covers the costs to restore or recover lost data. It may also cover the cost of outside experts or consultants you hire to preserve or reconstruct your data.
Many policies cover income you lose and extra expenses you incur to avoid or minimize a shutdown of your business after your computer system fails. The loss of income and extra expense coverages afforded under a cyber liability policy differ from those provided under your commercial property policy. Cyber policies cover income losses and extra expenses that result from an interruption of your computer system. Property policies cover income losses and extra expenses that result from an interruption in your business operations caused by physical damage to covered property, which does not include electronic data.
Cyber extortion coverage applies when a hacker or a cyber thief breaks into your computer system and threatens you and your business. For instance, a hacker may threaten to damage your data, introduce a virus, or shut down your computer system unless you pay him or her a sum of money. The perpetrator may also subject your computer system to a denial of service attack or threaten to release confidential data unless you pay the sum demanded. Extortion coverage typically applies to expenses you incur (with the insurer's consent) to respond to an extortion demand, as well as the money you pay the extortionist.
Policies may cover the cost of notifying parties affected by the data breach by government statutes or regulations. They may also include the cost of hiring an attorney to assess your firm's obligations under applicable laws and regulations. Some policies cover the cost of providing credit monitoring services for those affected by the breach. Some also cover the cost of setting up and operating a call center.
A data breach can severely damage your firm's reputation. So, some policies cover the costs you incur for marketing and public relations to protect your company’s reputation following a data breach. This coverage is sometimes referred to as Crisis Management.

How much does Cyber Insurance cost?

As with most commercial insurance policies the cost of cyber insurance depends on a number of factors. Here are some of the main points that insurance carriers will take into account when calculating your premium:

  1. Data: what type of data is being collected and how much is being collected?
  2. Controls: what type of security measures and incident response plans do you have in place already?
  3. Industry: a payment processor is more likely to be attacked than a cookie store with an online presence.
  4. Customer base: the more customers, the higher the potential severity of a data breach. If the customers are large companies/institutions with deep pockets and a lot to lose, underwriters will recognize the increased risk of expensive litigation in the event of a data breach.
  5. Revenue: this is the primary factor for determining rate change on renewal.
  6. Claim history: a history of litigation raises red flags


To give you a rough idea of what to expect in terms of premium, check out this research from Deloitte. Don’t be put off by the high starting point, we often get quotes for our clients of $5k, sometimes less

Who needs Cyber Liability Insurance?

Who really needs cyber insurance? The short answer to that question is: everyone. Every type of commercial entity – meaning municipalities, non-profit organizations, educational institutions, and corporations – needs cyber insurance if they collect, process or store employees’ or customers’ personal or financial data, or if they have proprietary intellectual property. However Cyber is particularly important for the following industries:


Financial Services





How it Works

Create Profile

Get Quotes

Sleep Well

Happy clients

“Didn’t overwhelm us with paperwork and didn’t try to sell us to buy insurance that a tech startup doesn’t need. Definitely will recommend to any startup!

Li ChenCanvs

“Being able to work closely with someone on our insurance needs is incredibly important!” _________________________________________

Brian SaplickiBitly

“Great mix of old-school customer service with awesome use of technology to make the process as seamless as possible.” _________________________

Adam BlockShinesty

Learn more about Cyber Liability Insurance

Canadian tech companies face unique exposures — but tech E&O insurance helps to mitigate risks. Here’s what you should know.
Read More
Canadian tech companies face a slew of challenges — but five primary E&O and Cyber claims stick out. Here’s a look at these themes.
Read More
A cyberattack could devastate your fast-growing business quickly. With cybersecurity a real concern, here’s how to protect your mid-market business from a data breach.
Read More