
The amount of cyber insurance a company should have can be a complex decision. It's essential to consider the potential financial impact of a cyber attack, which can range from $200,000 to $2.5 million or more.
The cost of a cyber attack can be staggering, with some companies facing losses of up to $1 million per hour. This highlights the importance of having adequate cyber insurance coverage.
To determine the right amount of cyber insurance, companies should consider their specific risks and vulnerabilities. A company with sensitive customer data, for example, may need more coverage than one with less sensitive information.
Expand your knowledge: Insurance Clearinghouse Cyber Attack
Determining Coverage Amount
Determining the right amount of cyber insurance coverage for your business can be a challenge, but it's essential to get it right.
The amount of coverage you need will depend on the size and nature of your business, as well as the potential risks and vulnerabilities you face.
Consider the type of business you run - different industries have different levels of risk when it comes to cyber-attacks. For example, a business that handles sensitive financial or personal data may be at a higher risk than a business that doesn't.
Larger businesses typically have more data and assets to protect, so they may need more coverage.
The potential cost of a cyber attack is also a crucial factor to consider, including legal fees, notification and credit monitoring services for affected individuals, and any business interruption costs.
Review your current insurance policies to determine if you already have some coverage for cyber risks.
Cyber liability insurance policies come in two parts: first-party cyber liability coverage and third-party cyber liability insurance coverage.
Your risk profile data and claims history are often used to determine how much cyber liability insurance will cost a business.
Here are some general guidelines for determining the right coverage amount:
Keep in mind that these are general guidelines, and the right coverage amount for your business will depend on your specific circumstances.
Most small businesses purchase a cyber liability insurance policy with a $1 million per-occurrence limit, a $1 million aggregate limit, and a $1,000 deductible.
If a data breach costs a business an average of $150 per lost or stolen record of customer PII, this coverage limit will be high enough to protect any small business that handles a few thousand records.
Your risk is especially high if you handle any records that fall under the Health Insurance Portability and Accountability Act (HIPAA), which set national standards for protecting personal information and reporting compromised data.
You might like: Electronic Data Liability Coverage
Quantify Risk Exposures
You can't put a price on peace of mind, but you can quantify your cyber risk exposures to make informed decisions about your cybersecurity investments. Marsh Asia's Cyber Risk Quantification can help you with a six-step qualitative and quantitative consultant-led approach that analyses your existing cyber coverage and gaps.
This approach evaluates the total cost of risk of your cyber insurance programs and provides expert advisory capabilities including forensic accounting, claims, and actuarial analytics to define losses and identify the optimal insurance structure. Quantifying cyber risk exposures requires specialised skills, and Marsh Asia’s team can provide you with tailored insights into cyber threats.
For your interest: Risk Tolerance Cyber Security
Cyber risk quantification involves conducting a comprehensive analysis of threats by identifying vulnerabilities based on your business’s digital footprint and cyberattack scenarios. This can help you understand the potential losses of cyber incidents based on standard metrics such as the number of employees, revenue, and past incidents.
A major manufacturer in Asia sought to purchase cyber insurance for the first time and needed assistance in understanding its cyber risk exposure and determining the appropriate amount of coverage in a challenging insurance market. Marsh Asia’s Cyber Risk Quantification team provided support by quantifying the financial exposure of cyber events, such as ransomware, business interruption, and data breaches.
Here are some key benefits of quantifying your cyber risk exposures:
- A comprehensive analysis of threats by identifying vulnerabilities based on your business’s digital footprint and cyberattack scenarios.
- Expert advisory capabilities including forensic accounting, claims, and actuarial analytics to define losses and identify the optimal insurance structure.
- Tailored insights into cyber threats to make informed decisions about your cybersecurity investments.
- Quantification of the potential losses of cyber incidents based on standard metrics such as the number of employees, revenue, and past incidents.
By quantifying your cyber risk exposures, you can make informed decisions about your cybersecurity investments and ensure that you have adequate coverage in place to protect your business from cyber threats.
Types of Coverage and Policies
First-party cyber liability insurance protects your business from direct financial costs after a data breach or cyberattack, including recovering data, notifying customers, and providing credit monitoring services.
This type of coverage is essential for businesses that handle sensitive data, such as medical offices or financial advisory firms.
Third-party cyber liability insurance addresses legal costs if a client experiences a data breach and sues your business for failing to prevent it.
This coverage is crucial for IT consultants and network security companies, as clients may sue them after a data breach and claim that they failed to protect their data.
Cyber insurance policies come in two parts: first-party cyber liability coverage and third-party cyber liability insurance coverage.
The right cyber insurance policy for your business depends on your risk levels and the type of data you handle.
Insurance agents can work with you to determine the appropriate cyber coverage and limit for your operations.
Recommended read: Cyber Insurance Data Breach
Cyber policy limits start as low as $100,000, and choosing a lower limit could leave you paying out of pocket for a portion of a claim.
Here's a breakdown of the factors to consider when determining how much cyber liability insurance you need:
- Business type: Different industries have different levels of risk when it comes to cyber-attacks.
- Business size: Larger businesses typically have more data and assets to protect.
- Potential cost of a cyber attack: Consider the potential costs associated with a cyber attack, including legal fees and business interruption costs.
- Current coverage: Review your current insurance policies to determine if you already have some coverage for cyber risks.
Business Considerations
Small tech businesses often purchase a cyber liability insurance policy with a $1 million per occurrence limit and a $1 million aggregate limit, which can protect them from data breach costs of about $250 per client or customer record.
High-risk businesses, such as those specializing in data storage, may need higher coverage limits, up to $5 million.
Most small tech companies purchase a technology errors and omissions policy (tech E&O) that includes cyber liability coverage, rather than a standalone cyber liability insurance policy, due to the high risk of cyber liability for tech businesses.
You might enjoy: A Life Insurance Company Sells a Term Insurance Policy
Business Funding Needs
Small businesses often underestimate the financial risks of a data breach, but a cyber liability insurance policy can provide peace of mind. Most small businesses purchase a policy with a $1 million per-occurrence limit.
Readers also liked: Cyber Security Insurance for Small Business

A data breach can be costly, with an average cost of $150 per lost or stolen record of customer PII. This means a breach of a few thousand records could cost a business a significant amount.
Handling data that falls under HIPAA regulations increases a business's risk of fines and lawsuits. HIPAA violations can result in hefty fines, making it essential to have adequate coverage.
A cyber security policy with higher coverage limits may be necessary for businesses that handle sensitive data. Many policies have a maximum coverage limit of $5 million.
Broaden your view: Cyber Insurance Cost
Startup Tech Budget
As a startup tech business, it's essential to allocate your budget wisely, especially when it comes to cyber liability insurance.
Most small tech companies purchase a cyber liability insurance policy with a $1 million per occurrence limit and a $1 million aggregate limit.
A data breach can cost a business about $250 per client or customer record, so this coverage limit will be high enough to protect any business that handles a few thousand records.
You might enjoy: With Disability Income Insurance an Insurance Company May Limit
You can discuss your need for higher coverage limits with your insurance provider, especially if you're a high-risk business, such as one specializing in data storage.
Many policies have a maximum coverage limit of $5 million, but it's worth noting that insurance providers often bundle technology errors and omissions policy (tech E&O) with cyber liability coverage.
Common Threats and Attacks
Cyber attacks can take many forms, but some common types include data breaches, ransomware attacks, phishing attacks, malware attacks, denial of service attacks, man-in-the-middle attacks, and insider threats.
Data breaches occur when unauthorized individuals gain access to sensitive information, such as personal data or financial information. This can happen in a variety of ways, including hacking or physical theft of devices.
Ransomware attacks are a type of malware that encrypts a victim's data and demands a ransom payment to restore access. This can be a costly and time-consuming process for businesses to recover from.
Explore further: Cyber Insurance Ransomware Coverage
Phishing attacks involve sending fake emails or texts that appear to be from legitimate sources in order to trick individuals into disclosing sensitive information or infecting their devices with malware. These attacks are often highly effective and can lead to significant financial losses.
Malware attacks are a serious threat, as they can disrupt, damage, or gain unauthorized access to a computer system. This can be particularly problematic for businesses that rely on technology to operate.
Denial of service attacks involve flooding a website or network with traffic in an attempt to make it unavailable to users. This can be a frustrating experience for customers and can damage a business's reputation.
Man-in-the-middle attacks involve an attacker intercepting communication between two parties and manipulating or stealing the information being transmitted. This can be a significant security risk for businesses that handle sensitive information.
Insider threats refer to individuals within an organization who misuse their access to sensitive customer information for personal gain or to cause harm to the organization. This can be a particularly difficult problem to identify and address.
Here are some common types of cyber attacks and their characteristics:
- Data breaches: Unauthorized access to sensitive information
- Ransomware attacks: Malware that encrypts data and demands a ransom
- Phishing attacks: Fake emails or texts that trick individuals into disclosing sensitive information
- Malware attacks: Software that disrupts, damages, or gains unauthorized access to a computer system
- Denial of service attacks: Flooding a website or network with traffic to make it unavailable
- Man-in-the-middle attacks: Intercepting communication between two parties and manipulating or stealing information
- Insider threats: Misuse of access to sensitive customer information by individuals within an organization
Case Studies and Examples
A company in Asia sought to purchase cyber insurance for the first time and needed help understanding its cyber risk exposure. Marsh Asia's Cyber Risk Quantification team provided support by quantifying the financial exposure of cyber events such as ransomware, business interruption, and data breaches.
The team also assessed the effectiveness of existing cyber controls by benchmarking the client against industry and peer organisations. This helped the company improve its cyber risk resilience by obtaining coverage for key identified loss scenarios.
Marsh Asia was able to define the impact of hypothetical cyber risk scenarios on the client's critical OT and IT applications, and quantify the risk exposures. This allowed the company to strategically assess its risks and validate the effectiveness of their existing coverage.
Case Study: Quantifying Risks for a Large Multinational's First Purchase
A large multinational in Asia wanted to purchase cyber insurance for the first time, but needed help understanding its cyber risk exposure. Marsh Asia's Cyber Risk Quantification team provided support by quantifying the financial exposure of cyber events such as ransomware, business interruption, and data breaches.
The team assessed the effectiveness of existing cyber controls by benchmarking the client against industry and peer organisations, providing a comprehensive analysis of threats by identifying vulnerabilities based on the business's digital footprint and cyberattack scenarios.
Marsh Asia was able to define the impact of hypothetical cyber risk scenarios on the client's critical OT and IT applications, inform the management of potential risk gaps and scenarios, and quantify these risk exposures.
The insights from Marsh Asia enabled the company to strategically assess its risks and validate the effectiveness of their existing coverage, ultimately helping them improve their cyber risk resilience by obtaining coverage for key identified loss scenarios.
Marsh Asia's Cyber Risk Quantification services can provide similar support to your organisation, empowering you to make informed decisions and optimise your cybersecurity investments.
Quotes from Trusted Companies
You can get quotes from trusted insurance companies through Insureon, which offers an easy online application to compare quotes from top-rated carriers for cyber policies.
Insureon's application process allows you to find the right policy for your small business in a short amount of time, with coverage starting in less than 24 hours.
Frequently Asked Questions
How much should a company spend on cyber security?
Typically, companies should allocate 7-20% of their IT budget for cybersecurity investments. This budget can be used for various cybersecurity tasks, such as software, monitoring, and staff training
What is standard cyber insurance coverage?
Standard cyber insurance coverage typically includes protection against data-related losses, such as hacking and theft, as well as legal expenses. This coverage helps businesses recover from cyber attacks and related costs.
Featured Images: pexels.com


