Skip to main content

Have you considered applying for cyber insurance?

Experts say it’s no longer a question of if, but when your company will be affected by a breach. Considering the high risk and potentially devastating consequences of a data breach or cyber-attack, more and more companies are turning to cyber insurance for protection. But is it something small businesses really need? Does your company meet the criteria to qualify for cyber insurance? What do cyber insurance companies want from clients? 

Let’s look at what cyber insurance can offer SMBs and what insurers will want to know about your company before approving you for cyber insurance. 

What does cyber insurance cover?

A cyber insurance policy can provide you with a range of coverage options to help protect you from data breaches and other cyber security issues. Cyber insurance is also called cyber risk insurance or cyber security insurance.  It will usually cover cyberattacks and data breaches that involve sensitive customer information, such as Social Security numbers, credit card numbers, account numbers, driver’s license numbers and health records.

Cyber liability coverage may include: 

  • The cost of investigating a data breach
  • The cost of notifying your customers and the authorities
  • Legal fees and compensation costs in case you get sued
  • Legal fees if you face penalties by local or international authorities
  • Some regulatory penalties and fines
  • The costs of restoring lost data, systems, and your website
  • Income lost and extra expenses if your business is interrupted
  • PR/restoring your reputation and managing customer relationships

Make sure you read the details of your policy to see what it covers.

Start your GDPR cleanup where it is needed the most

Sensitive data can tends to accumulate in the employees' e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company's e-mails.

Who needs cyber insurance?

All companies keep business secrets of one kind or another, and therefore almost all companies will be able to benefit from cyber insurance. But any business that collects, stores and manages people’s personal data online, including contact information, sales records, credit card numbers, ID numbers and other personal information, could be particularly vulnerable in the event of a cyber attack.

Do small businesses need cyber insurance?

Most of the high-profile breaches that make the news involve huge corporations, so it may surprise you to learn that 43% of all data breaches actually hit small and medium-sized businesses, according to Verizon’s 2022 Data Breach Investigations Report.

Small businesses are a favorite target for hackers, simply due to a lack of resources. Most small businesses say they do not have an effective plan in place or funds set aside to protect against a cyber attack or remediate the damages of one.

The lost revenue from business disruption and downtime, plus the reputational damage associated with data breaches can be especially devastating to new companies that are  struggling to establish themselves.

Cyber insurance can’t stop a cyberattack. But it can provide a safety net of coverage, plus expert help that could keep you from going out of business because of a data breach.

Cyber insurance can help mitigate the devastating effects of cyber attacks and data breaches for small businesses

What do insurers want to see from your company?

Before you can acquire a cyber insurance, insurance companies will make demands on your company when it comes to protecting personal data and your company’s IT security. As a company, you should be in control of your data policies and have procedures in place to protect personal information and software that supports your efforts. Here are examples of what insurance companies can demand:

  • Antivirus software
  • Continuous system updates
  • Firewalls
  • Regular backup of data to external media or a secure cloud service
  • Access control
  • Multi-factor authentication
  • An emergency plan in the event of a data breach
  • Securing physical IT equipment
  • Awareness training

Insurance companies may deny you coverage if you do not make sufficient efforts to protect your sensitive data.

Get our Newsletter!

In our newsletter you get tips and tricks for dealing with privacy management from our founder Sebastian Allerelli.

When you sign up for our newsletter you get a license for one user to ShareSimple, which will give you a secure email in Outlook. This special offer is for new customers only, with a limit of one freebie per company.

What scenarios will not be covered by a cyber insurance?

Your policy may exclude preventable security issues caused by human error and careless mishandling of personal data. The scenarios cyber insurance may not cover can include:

  • What is covered and not covered by cyber insurance?”>Current or past breaches and incidents
  • What is covered and not covered by cyber insurance?”>Incidents caused by employees or insiders
  • What is covered and not covered by cyber insurance?”>Problems caused by existing issues you’ve failed to correct
Get your security systems and procedures in order and keep them that way. This is a must, both to qualify for insurance and to continue to benefit from coverage.

Software as protection and as qualification

Although you are not required to use specific privacy software to qualify for insurance, using such tools is a great way to show insurers that you are doing your part. And automating your personal data management tasks reduces the risk of common human errors that could cause breaches and disqualify you from coverage.

At Safe Online, we develop tools that include log files and documentation so that you can demonstrate that you are a responsible data controller. Our tools are:

DataMapper – Find your sensitive data
ShareSimple – Send and receive data securely in Outlook
RequestManager – Process data subject requests easily

Sebastian Allerelli

Founder & COO at Safe Online
Governance, Risk & Compliance Specialist
Follow me on LinkedIn to get tips on GDPR →


How to handle sensitive personal data


How to find personal data with datamapping tool


How to prepare for a data audit