How Much Coverage Should I Have For Cyber Insurance?

A few quick facts from 2021 cyber claims to help guide you:

Average cyber incident insurance payout: $160,000
Average cost to deal with a data breach$275 per lost or stolen record
Average ransomware demand
Average ransomware claim paid
$1,200,000
$184,000 (yes, the insurance company is good at negotiating the ransom down!)
Average funds transfer fraud claim paid$247,000

Since many cyber incident claims involve multiple types of losses at the same time, such as privacy breach, ransom, data restoration, reputational harm, business interruption and the potential for lawsuits, we recommend buying a limit high enough to pay several types of losses.

$250,000Coverage Minimum

A $250,000 cyber limit is the bare minimum amount we recommend you consider if you have up to 900 individual records with personal information, such as client records or credit card information, to have enough coverage to cover the average privacy breach claim.

A $250,000 limit is also the minimum amount needed to cover the average ransom payment and fund transfer fraud claim, provided you don’t have a cyber incident involving both of these claims.

A higher limit may be needed to adequately protect you if:

  • You experience a claim involving privacy breach expenses, ransom, or funds transfer fraud that is higher than the average claim.
  • You experience a claim that involves multiple types of losses at the same time, such as a privacy breach with ransom, business interruption, reputational harm, and data restoration costs.
  • You become subject to lawsuits because of a privacy breach, computer security failure, or allegations that your online content includes misappropriation of ideas, plagiarism, libel, slander, defamation, or copyright infringement. The bigger your online audience is, the greater this risk is for you.
  • The loss of business data, loss of use of your website or other online sales/services, and the reputational harm the release of stolen data may have could exceed $250,000.
  • You’re concerned about having multiple claims during the policy term. Repeat security breaches are not uncommon once hackers have identified a vulnerable target.