What is Cyber Insurance?

In 2021, almost every business uses technology. When that technology fails or is attacked, the consequences can be severely expensive. Innocent mistakes, like an employee clicking on a malicious link in an email, can quickly turn into six- or seven-figure catastrophes.

Cyber insurance helps companies mitigate the financial risks and liabilities that come with having a digital presence. A single cyber policy can cover the costs of a wide range of events, including:

  • Data breaches
  • IT downtime
  • Invoice scams
  • Equipment destruction
And many more! Read on for a full list of common coverages.

Many cyber insurance policies include additional risk-preventing services, such as cybersecurity scans, training sessions for employees, and access to expert security professionals to remedy cyber events as they occur.

Who Should Purchase Cyber Insurance?

Any business that uses technology is at risk. Even a small digital presence carries liability: for example, if your corporate Facebook page gets hacked and defaced, that can be expensive just by spoiling relationships. If your email service gets breached, you could be on the hook for enormous damages if your breached emails contained customer data.

Even businesses without a digital presence may benefit from cyber insurance. For example, a cyber policy may cover your business suffering because one of your vendors is down due to a cyber event.

While cyber attacks on large companies are frequently in the news, most cyber attacks are on small companies. It is especially small businesses that are at risk, because they usually have fewer resources to invest in security and to defend themselves. That’s where insurance can powerfully step in.

Why Should a Business Purchase Cyber Insurance Today?

In short, there are three major reasons:

  1. Cyber attacks are becoming more frequent and far more severe. Cyber criminals are taking advantage of businesses adapting remote work and relying more on technology.
  2. Cyber incident recovery costs frequently exceed millions of dollars and can easily bankrupt a small business. 60% of small businesses are bankrupt within six months following a data breach.
  3. Cyber insurance is increasingly required when signing contracts for everything from service contracts to equity investments.

What are the Common Coverages?

Below are the most standard cyber insurance coverages. At, we want you to have all your bases covered -- almost every insurance policy we offer provides comprehensive coverage, and we provide detailed comparisons to help you choose. Our brokers are standing by 24/7 to help you choose the best policy for your needs.

Breach Response

Coverage for notification costs, forensic costs, legal expenses, and crisis management in the event of a data security or privacy breach.

Example: your database containing customer payment information gets breached. The insurer will pay for security forensics on the breach, and for notifying affected customers about the event.

Business Interruption

Coverage for lost revenues or expenses incurred due to an interruption or outage of an insured’s systems caused by a cyber security breach.

Example: A cyberattack knocks important servers offline, preventing you from completing sales. The insurer will cover both the revenues lost due to downtime, and the costs to put the servers back online.

Contingent Business Interruption

Coverage for lost revenues or costs due to Business Interruption as a consequence of third parties suffering outages that prevent the insured from generating revenue or operating normally.

Example: the vendor managing your IT system has downtime due to a cyber attack. Consequently, you cannot process new sales. Your insurer will reimburse you for those lost revenues.

Contingent Bodily Injury

Coverage for costs due to sickness or bodily harm to a person caused by a cyber event suffered by a third party.

Example: your factory has a conveyor belt that is controlled by software managed by a third party. The third party is breached, their software stops working, and conveyor belt malfunctions, injuring a worker. The insurer will pay for the worker’s medical expenses.

Cyber Extortion

Also known as ransomware, this is coverage for costs associated with a cyber extortion event, including extortion monies paid as a result of an extortion threat.

Example: a hacker breaches your customer database and threatens to delete the data unless you pay them a fee. The insurer will cover this fee.

Invoice Manipulation

Coverage for losses due to customer invoices being fraudulently sent or modified.

Example: a criminal gains access to an employee’s email account, and sends a legitimate-seeming invoice to one of your customers. The customer pays the invoice to the criminal, while your company does not get paid. The insurer will cover the net financial loss to you.

Network Security and Privacy Liability

Coverage for expenses incurred in an alleged privacy or data breach, such as remediation and defense/damages in the event of litigation due to the breach.

Example: your customer database is breached and your customers’ passwords are leaked. A customer consequently suffers damage and sues you. The insurer would cover the costs of your litigation defense.

Media Liability

Coverage for damages due to the publication of media material (text, sounds, images, etc.) that results in allegations of defamation, slander, trademark or copyright infringement, etc.

Example: your company changes its logo. Another company alleges that your new logo infringes on their trademarked logo. The insurer would cover any legal costs in defending your new logo.

Payment Card Industry (“PCI”) Liability

Also known as Data Security Standard (“DSS”), this is coverage for losses (defense costs and corresponding fines and penalties) due to any alleged or actual noncompliance with PCI security standards.

Example: your company accidentally stores some customer credit card numbers in an insecure way. Those numbers become leaked to the public, and some customers suffer damages. The insurer would cover those damages, as well as any additional fines that are assessed.

Regulatory Liability

Coverage for legal defense and civil fines or monetary penalties that an insured may be required to pay if investigated by a regulatory authority following a cyber event.

Example: your customers’ sensitive data is leaked to the public. A government agency investigates you to assess if you have complied with all applicable privacy/data storage requirements. They find that you have not, and you are fined. The insurer would cover any legal defense costs, as well as the fine.

Reputational Harm

Coverage for lost revenues or expenses incurred due to an adverse media event following a cyber attack.

Example: your corporate LinkedIn is taken over by a hacker and defaced with offensive messages. The insurer would pay for a public relations firm to remedy the situation, and for any lost revenues if sales decrease because of the defacement.

Social Engineering

Coverage for losses due to criminals deceiving the insureds’ employees into taking damaging actions, such as initiating payments to fraudulent actors.

Example: an employee wires a vendor after receiving an urgent email from the CEO about payment being overdue. It turns out that the email was not from the CEO but from an impersonator. The insurer will cover the loss.


GETCYBER.COM is offered by Metasure.
Metasure is licensed as a property and casualty insurance agency in all 50 states.