Skip to main content

Have you considered applying for cyber insurance?

Experts say it’s no longer a question of if, but when your company will be affected by a breach. Considering the high risk and potentially devastating consequences of a data breach or cyber-attack, more and more companies are turning to cyber insurance for protection. But is it something small businesses really need? Does your company meet the criteria to qualify for cyber insurance? What do cyber insurance companies want from clients? 

Let’s look at what cyber insurance can offer SMBs and what insurers will want to know about your company before approving you for cyber insurance. 

What does cyber insurance cover?

A cyber insurance policy can provide you with a range of coverage options to help protect you from data breaches and other cyber security issues.

Cyber insurance is also called cyber risk insurance or cyber security insurance. 

It will usually cover cyberattacks and data breaches that involve sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers and health records.  

Cyber liability coverage may include: 

  • The cost of investigating a data breach
  • The cost of notifying your customers and the authorities
  • Legal fees and compensation costs in case you get sued
  • Legal fees if you face penalties by local or international authorities
  • Some regulatory penalties and fines
  • The costs of restoring lost data, systems, and your website
  • Income lost and extra expenses if your business is interrupted
  • PR/restoring your reputation and managing customer relationships

Make sure you read the details of your policy to see what it covers.

Who needs cyber insurance?

Any business that collects, stores and manages people’s personal data online, including contact information, sales records, credit card numbers, ID numbers and other personal information may be at risk of data breaches.  

Online retailers, healthcare and financial services and any other organization that store customer information on their websites can benefit from a cyber insurance policy. 

Want to clean up your emails for sensitive information?

With an analysis scan by DataMapper, you can have all Outlook accounts in your company scanned. You will receive key statistics on all (current and former) employees' emails - including information on which emails, employees and processes generate GDPR risk.

Do small businesses need cyber insurance?

Most of the high-profile breaches that make the news involve huge corporations, so it may surprise you to learn that 43% of all data breaches actually hit small and medium-sized businesses, according to Verizon’s 2022 Data Breach Investigations Report.

Small businesses are a favorite target for hackers, simply due to a lack of resources.

Most small businesses say they do not have an effective plan in place or funds set aside to protect against a cyber attack or remediate the damages of one.

Cyber insurance can help mitigate the devastating effects of cyber attacks and data breaches for small businesses

The lost revenue from business disruption and downtime, plus the reputational damage associated with data breaches can be especially devastating to new companies that are  struggling to establish themselves.

Cyber insurance can’t stop a cyberattack. But it can provide a safety net of coverage, plus expert help that could keep you from going out of business because of a data breach.

What do insurers want to see from your company?

Insurers will want to see what your company is doing to protect personal data and manage security risks online.  

Show them that you have policies and procedures in place to protect PII, plus technology/software to support your efforts.  

Insurers may want to see that you use:

  • Antivirus software

  • Regular system updates

  • Firewalls

  • Regular data backups to external media or a secure cloud service

  • User access rights and permissions policies

  • Multifactor authentication  

  • An incident response plan 

  • Cyber awareness training for employees 

Insurers can deny you coverage if you do not continue putting your security policies in practice during the entire duration of your policy.

Get our Newsletter!

In our newsletter you get tips and tricks for dealing with privacy management from our founder Sebastian Allerelli.

When you sign up for our newsletter you get a license for one user to ShareSimple, which will give you a secure email in Outlook. This special offer is for new customers only, with a limit of one freebie per company.

What scenarios will not be covered by a cyber insurance?

Your policy may exclude preventable security issues caused by human error and careless mishandling of personal data. The scenarios cyber insurance may not cover can include:

  • Current or past breaches and incidents
  • Incidents caused by employees or insiders
  • Problems caused by existing issues you’ve failed to correct

Get your security systems and procedures in order and keep them that way. This is a must, both to qualify for insurance and to continue to benefit from coverage.


Software as protection and as qualification

Although you are not required to use specific privacy software to qualify for insurance, using such tools is a great way to show insurers that you are doing your part. And automating your personal data management tasks reduces the risk of common human errors that could cause breaches and disqualify you from coverage.

At Safe Online, we develop tools that include log files and documentation so that you can demonstrate that you are a responsible data controller. Our tools are:

DataMapper - find your sensitive data
ShareSimple - send and recieve data securely in Outlook
RequestManager - process data subject requests easily

Sebastian Allerelli

Founder & COO at Safe Online
Governance, Risk & Compliance Specialist
Follow me on LinkedIn to get tips on GDPR →