The average cost of cyber insurance in the U.S. in 2021 was $1,589 per year or $132 per month. According to recent reports, the U.S. is the country that is most frequently targeted for cyberattacks. Companies in the U.S. spend almost $4 million on average to respond to data breaches, according to IBM. For small businesses, the cost averages around $36,000 to recover from a data breach, according to First Data. For small and midsize businesses, the cost rises to an average of $86,000, as reported by Kaspersky.
AdvisorSmith conducted a study using quote estimates and rate filings from over 43 insurance companies nationwide and found premiums ranging from $650 to $2,357 for cyber insurance, based upon companies with moderate risks. These premiums were based upon liability limits of $1,000,000, with a $10,000 deductible, and $1,000,000 in company revenue.
The average cost of cyber insurance has risen 25-80% in the U.S. The costs of insuring your business against data breaches and hacking attacks vary based upon the nature and size of your business, as well as the state in which your business is located. For example, the average cost in Michigan was $1,339 for our example scenario, while similar coverage in Minnesota was $1,708. Below, we list the average cost of cyber insurance in each state, along with the difference between the state average and the national average.
In addition to the nature of your business, location, and claims history, a major factor in determining your insurance premium will be the level of coverage that you choose. The higher the limits of your cyber coverage, the higher your premiums will be. However, additional coverage usually costs less per dollar of coverage compared with the base coverage. For example, the first $250,000 of coverage costs an average of $739 in our example below, while the next $250,000 of coverage only costs an average of $407, for a total cost of $1,146.
In the following table, we show how the average annual premium changes for different levels of coverage with varying deductibles, based upon a business with moderate risk in the state of Connecticut. To create this table, we used quotes and rate filings from major insurance companies in Connecticut. Actual premium prices would vary depending upon the type of business, location, and claims history.
A cyber insurance deductible is the amount of a loss that your company is responsible for in the event of a covered hack, data breach, or other event covered by your cyber liability insurance. A typical deductible for a $1 million policy could be $10,000, but you are free to choose higher or lower deductibles depending on your company’s situation. Choosing a lower deductible means you’ll pay less in the event of a breach, but it also means your premiums will be higher.
In addition to the revenue, size, and type of business, many insurers will ask for the number of sensitive records stored by an organization, as well as the number of financial or credit card transactions processed by your company. Usually, the higher the number of sensitive records or financial transactions stored, the higher your company’s insurance premiums will be.
There are a few types of claims that seem to be more common than others in the world of cyber insurance. These types of claims can be very costly, as it can often take a long time for a company to get its systems back up and running. Common claims include data loss or theft, cyber extortion, and denial-of-service attacks. Other examples include:
First-party coverage: This type of coverage provides protection for your organization in the event of a data breach or cyber attack, covering expenses such as notifying customers of a breach, providing credit monitoring services, and public relations expenses.
Third-party coverage: This type of coverage protects your organization from claims made by other parties in the event that your company is responsible for a data breach or cyber attack. This could include damages paid to customers or clients, as well as expenses related to a court case or settlement.
Cyber extortion: This type of coverage can provide protection in the event that your organization is the victim of a ransomware attack or other type of cyber extortion. It can help cover the costs of paying a ransom, as well as expenses related to restoring systems and data.
Business interruption: This type of coverage can help protect your organization in the event that business operations are disrupted due to a cyber attack. It can help cover lost revenue as well as expenses related to restarting operations.