S3 logo

What is cyber insurance and why do you need it?

Similar to acquiring insurance for your car or home, cyber insurance, which is also known as cyber liability insurance and cybersecurity insurance, shields companies from the financial risks associated with the loss, theft, or compromise of data due to a cyberattack.
In a market report featured by CPO Magazine, which is dedicated to cybersecurity professionals, the cyber insurance market is estimated to grow to $20.4 billion by 2025, with an annual growth rate of 21.2%.

Why is cyber insurance so important?

It all comes down to cold, hard cash. Based on Security Boulevard’s estimates, a cyberattack occurs every 11 seconds. IBM and other technology providers outline that the average cost of a cyberattack in 2020 alone was estimated at $133 000. Deloitte has also outlined many additional below-the-surface costs that can truly break the bank. Read here for more details.
Cybercrime Magazine had profoundly startling words for business owners and managers: 60% of SMEs go out of business within six months of falling victim to a data breach or cyberattack. This is why cyber insurance is extremely important for companies to ensure their long-term viability.

How does cyber insurance work?

Cyber insurance is sold by various insurance companies that provide business-related insurance, including commercial property insurance, business liability insurance, and E&O insurance. Policies can offer both first-party coverage, which applies to losses to the company itself, and third-party coverage, which applies to losses incurred by, as the name suggests, third parties that have a relationship with said company.
Cyber insurance is increasingly incentivizing businesses that adopt proactive cyber threat mitigation and security strategies. However, when shopping for cyber insurance policies, keep in mind that insurance carriers have dissimilar metrics to measure cyber risks; there has yet to be any standardization. This means that cyber insurance carriers word their policies differently and premiums are calculated based on different factors. Read on for more details!

What types of cyberattacks does cyber insurance cover?

Here are just some of the few cyberattacks and security failures that can be covered by cyber insurance:

  • Malware (viruses, trojans, worms, ransomware, spyware, etc.)
  • Phishing (spear phishing, whaling, pharming)
  • Cyber extortion
  • Denial-of-Services (DoS) and distributed denial-of-service (DDoS) attacks
  • Zero-day exploits
      Due to their lucrative or politically motivated outcomes, cyberattacks are becoming increasingly varied and complex. Comprehensive IT hygiene and up-to-date security practices are key. However, even with the strongest cybersecurity approaches, companies remain vulnerable. This is why cyber insurance is gaining in popularity among businesses of all sizes.

      What does cyber insurance cover?

      Cyber insurance coverage depends on the carrier. In general, cyber insurance will protect a company from: network security and privacy liability, media liability, errors and omissions, and business interruption.
      These main coverage areas of cyber insurance can be broken down further to include data and identity restoration, IT forensics, negotiation and payment of ransomware demands, breach notifications to customers, public relations, credit monitoring services, setting up a support line or call center to deal with the aftermath, and, of course, legal expenses and loss of income.
      Some carriers offer add-ons to cyber insurance policies. For example, a company may want extra protection for social engineering damage, reputational harm, and the replacement cost of technology and/or equipment.

      How much does cyber insurance cost?

      Unfortunately, the answer is: it depends. A study conducted by Advisor Smith estimates that the average cost of cyber insurance is nearly $1500 per year. Cyber insurance in Canada can start for as little as $550, depending on coverage, according to CMB Insurance Brokers. Insurance Business Canada recommends taking the time to carefully evaluate cyber insurance offers from several carriers. The magazine has a hand tool here to compare 264 different cyber insurance products from providers across the country. Remember, the devil is in the details when it comes to cyber insurance coverage, which leads us to our next point….

      What affects a company’s cyber insurance cost?

      When shopping around for cyber insurance, one caveat: a company’s cyber liability insurance premiums and monthly costs are determined based on several business characteristics.

      Company size: It stands to reason that the more employees a company has, the greater the risk of a cyberattack. 95% of cybersecurity breaches are caused by human error. Even more alarming, a recent report showed that only 31% of employees get annual training on cyber security, which means many companies are not nearly as prepared as they should be. There are many security vulnerabilities caused by employees that companies can no longer ignore this aspect of their cybersecurity strategies.

      Industry: Cybercrime is projected to cost the world $10.5 trillion annually by 2025. Even billionaire Warren Buffett of Berkshire Hathaway indicated that cyberattacks are the number-one problem with mankind. The reason? Cybercrime is big bucks for several key industries. Think healthcare, financial and legal services, manufacturing, and government.
      Data volume and sensitivity: Small mom-and-pop shops, with a limited number of customers, will pay less for cyber insurance than, say, a multinational healthcare company that has sensitive personal data or an e-commerce juggernaut, like Amazon.

      Annual revenue: As a segue from the preceding point, hackers will be more prone to attacking a business that appears to be successful and profitable. On the flip side, carriers will require detailed information on a company’s revenues to set pricing with respect to cyber liability insurance.

      Cybersecurity measures: The robustness of a company’s cybersecurity measures, as mentioned before, will play a role in reducing its cyber insurance premiums. With no cyberattack resiliency plan in place, cyber insurance carriers are likely to hike up pricing. That is why it is so important for businesses to educate employees, invest in managed cybersecurity security services, and upgrade network infrastructure against security threats.

      Policy terms: As with any insurance policy, cyber insurance costs are impacted based on coverage limits, deductibles, and policy enhancements. A case in point? A lower deductible means you’ll pay less if ever you fall victim to a cyberattack; however, you’ll fork out for a higher premium.

      Now, more than ever before, Canadian businesses should be looking for more modern approaches to cybersecurity and risk management. As the Canadian Internet Registration Authority (CIRA) states, the adoption of cybersecurity insurance is growing with the number of cyberattacks. Companies must get serious about their cyber insurance policies. Read up on cyber insurance and must-have capabilities. Then, talk to S3 Technologies on how to build a rock-solid game plan to reduce your cyber insurance costs.

  • Marc Perras

    Vice-President, Sales

    Looking for a new IT Company?

    Schedule a 30-minute assessment with our experts to:

    • Review your current IT setup.
    • Review your current IT issues.
    • Discuss your IT needs
    • Confirm if and how S3 can help.

    "*" indicates required fields

    This field is for validation purposes and should be left unchanged.

    Contact Us


    "*" indicates required fields

    This field is for validation purposes and should be left unchanged.