Getting Cybersecurity Insurance? 7 Questions to Ask First

Cyberthreats are definitely not going away.  And the costs of remediating a breach are skyrocketing. You should be thinking about getting cybersecurity insurance.

Organizations that go without cyber insurance are, as expected, exposed to greater risk. According to the Forbes Technology Council, cyber insurance has become essential due to our digitized world – which creates a wider attack surface for cyber criminals. Lack of cyber insurance could have significant impacts, especially if your organization has critical infrastructure and sensitive data.

Cyber insurance has been in existence for approximately 20 years. Policies typically cover cyber-related losses such as data breaches and ransomware attacks.

While more companies are asking questions about cybersecurity while looking for insurance against attacks, premium rates and access to policies are changing. As a result, insurers are starting to take steps to limit their exposure to these losses. Business owners are often concerned about insurance costs, requirements for cybersecurity measures, potential issues with cybersecurity audits, and more.

If you are thinking about getting cyber insurance, consider asking these questions before you buy a policy.

1. What do cyber policies cover?

Cyber policies can cover ransom money, extortion-related expenses, and repair costs. It is important to notify your insurer before you pay a ransom; otherwise, it may not be covered.

Typically, cyber insurance covers the loss of intangibles such as data files, proprietary formulas, sensitive financial information, and personal data of customers or employees. Tangible losses can also be covered – such as physical loss of securities, money, or merchandise.

When considering what cyber insurance policy to buy, be sure to understand the limits of liability … and broadly worded exclusions.

Cyber insurance generally does not cover property damage, which includes computer and other technology equipment that is often damaged as part of a cyberattack. This can be a problem if the hardware has been corrupted to the extent that it is not fixable.

  • A data breach insurance policy is typically structured to ensure that an SMB’s monetary losses are covered if a data breach occurs.
  • Cyber liability insurance is often chosen by larger companies. It addresses both financial and legal protection in the event of a breach.

2. What are the risk factors considered by insurers?

Cyber insurance can get complex, and there is no universal answer. However, there are common components that insurers look into. Here are the 5 main factors that determine the cost of cyber insurance:

  • Industry Sector
  • Company Size
  • Geographical and Remote presence
  • Company Revenue
  • Type of Coverage

3. How much money does cyber insurance pay out?

The average payout for an SMB cybersecurity insurance claim associated with a ransomware event is $485,000. The high cost of payouts is driving insurance companies to raise their premiums while increasing policy restrictions.

4. Is cyber insurance a good investment?

Cyber insurance can be a good investment, especially if your business deals with sensitive customer and other data. Also, if your company does much of its business over the Internet, cyber insurance can make sense. If rates continue to climb and insurers offer more limited coverage, cyber insurance might become more and more difficult for many companies to afford or obtain.

5. Are cyber insurance premiums expensive?

As with anything, you get what you pay for. With the proliferation of cybercrime, cyber insurance premiums are on the rise. Various industry reports indicate that cyber liability insurance premiums increased in a range of approximately 25-30% in 2022. According to Cybersecurity Ventures, cybercrime costs, in the trillions of dollars each year, are projected to increase at an annual rate of 15 percent through 2025.

6. Since becoming more popular, will cyber insurance become more affordable?

The affordability of cyber insurance remains unpredictable. A U.S. Government Accountability Office (GAO) report stated that the extent to which cyber insurance will continue to be generally available and affordable remains uncertain. Growing demand, along with increasing payouts, is causing the insurance industry to rethink how it can mitigate its exposure. Insurers are tightening cyber coverage policy terms and conditions. These changes mean fewer coverage options, stricter standards, and more exclusions.

7. How can I decrease my cyber insurance premiums?

Taking out a cyber insurance policy requires certain criteria to be met, along with clarity on some risks outside an insurer’s responsibility. You’d better have your ducks in a row with your security before you apply. For example, are you using Multi-Factor Authentication (MFA)? If not, you may end up paying higher premiums. Cyber protections such as physical and cloud-based firewalls, anti-virus, threat monitoring and management, email security, and data backup and recovery are all examples of things your insurance company may be looking for. Security awareness training and testing is another example: by ensuring employees are up to date on security threats and procedures, businesses can help reduce their risk of becoming a victim of a cyber attack.

Don't Apply for Cyber Insurance

... until you address your cybersecurity gaps.
Get a Cybersecurity Vulnerability Assessment first! Tightening up your IT security will improve your chances of qualifying and decreasing your premiums.


A professional Managed IT or Managed Security Service provider can help your organization to prepare for, respond to and recover from cyberattacks.
