Unfortunately, cybersecurity threats are increasingly common. As a small business owner that interacts with customers and takes electronic payments, you’re at risk of a data breach, and the consequences can be steep.
According to a 2019 study, 41% of small businesses that suffered a data breach paid more than $50,000 to recover. Worse, 29% of customers said they would never go back to small businesses affected by a data breach, demonstrating how a single incident can cost you future business. Getting the appropriate coverage can protect your business—and help you recover.
We researched 15 top cyber insurance companies to help you find an insurer for your small business. We narrowed down the list based on the comprehensiveness of their cyber protections, reputations, and their ratings with AM Best, the renowned credit rating agency that primarily focuses on the insurance industry.
The 5 Best Cyber Insurance Companies of 2021
- Best Overall: AmTrust Financial
- Best for Healthcare Professionals: The Doctors Company
- Best for Law Firms: The Hartford Steam Boiler Inspection and Insurance Company
- Best for Nonprofits: CyberPolicy
- Best for Retailers: Travelers
Best Overall : AmTrust Financial
As a leading business insurance provider, AmTrust Financial is our pick for the best overall cyber liability insurer. There is no extensive application process for limits under $100,000, and its coverage includes website and offline media content and payment card industry (PCI) fines.
Limits as low as $50,000 available
Includes website media content liability
No application process for limits of $100,000 or below
Only available with a business owner’s policy or workers’ compensation package
Maximum limit of $1 million
Must contact agent for a quote
AmTrust was founded in 1998 and is now a global company with over 7,000 employees serving 70 countries. It offers a comprehensive range of business insurance products, including business owner policies, workers’ compensation, state disability, and specialty programs.
AmTrust’s cyber liability insurance must be purchased in conjunction with its AmTrust Package, business owner’s policy, or workers’ compensation policy; it cannot be bought as standalone coverage.
However, it’s an affordable add-on. AmTrust offers limits as low as $50,000, making it a good option for new small businesses. For limits of $100,000 or below, there is no application processing time. The maximum limit is $1 million with a completed application.
Your coverage includes:
- Customer notification services
- Call center services for 90 days (or longer, if required by law)
- Public relations and crisis management services
- Initial breach investigation and consulting for legal and forensic services
- Discretionary notice coverage
AmTrust’s cyber liability insurance also includes coverage for website media content liability. As businesses build their presence online, this coverage addresses risks associated with plagiarism, piracy, trademark infringement, libel, or slander related to your website content.
Unfortunately, you cannot get a quote online. AmTrust requires you to work with an agent to get a quote and sign up for coverage.
AmTrust Financial has a solid reputation for customer service, and AM Best gave the company an “A-” (Excellent) rating.
Best for Healthcare Professionals : The Doctors Company
Because healthcare professionals deal with more risks and regulations, our choice for the best cyber insurance company for this industry is The Doctors Company. Its CyberGuard Plus option offers up to $5 million in cyber liability insurance with comprehensive coverage.
Limits up to $5 million
Includes cyber extortion and website media content liability coverage
Other insurance options available for your business
Must already have a medical liability policy
Limited coverage available in California
Online quotes not available
Healthcare professionals deal with very sensitive patient information and are in a highly regulated industry. As such, physicians, surgeons, dentists, and other medical professionals likely need much higher cyber liability insurance limits than other businesses.
While many companies have a $1 million maximum, The Doctors Company’s CyberGuard Plus provides cyber liability insurance with limits ranging from $1 million to $5 million. Available only to members of The Doctors Company, CyberGuard Plus increases the limits you have on your medical liability policy for added protection.
However, the higher limits are not available to residents of California; the maximum limit for healthcare professionals there is just $1 million.
CyberGuard Plus contains the following coverage:
- Data security and privacy liability
- Privacy breach response services
- Regulatory defense and penalties
- Website media content liability
- Cyber extortion and ransomware
- First-party data recovery and restoration
- First-party network business interruption
- Patient notification services
The Doctors Company does offer other insurance products for your business, including medical malpractice insurance, professional liability insurance, and workers’ compensation coverage. You’ll need to call and speak with a representative to obtain a quote.
The Doctors Company is the largest physician-owned medical malpractice insurer in the country, with 80,000 members and $5.9 billion in assets. AM Best assigned the company an “A” rating.
Best for Law Firms : The Hartford Steam Boiler Inspection and Insurance Company
Law firms often deal with sensitive information and can be a target for cyber extortion attempts. That’s why we chose The Hartford Steam Boiler Inspection and Insurance Company (HSB) as the best cyber liability insurer for law firms. It has a stellar reputation as a company and a range of limits to choose from.
Coverage for cyber extortion and misdirected payments
Limits as low as $50,000
Access to risk management tools and training modules
$1 million limit maximum
Cannot be purchased as standalone coverage
Must contact an agent for package information
HSB was founded in 1866 and now focuses on specialty insurance and reinsurance coverage, including data and cyber risk, employment practices liability, contractors errors and omissions, and identity theft insurance.
HSB offers Cyber Suite protection for small to mid-sized businesses, including law firms. There is a wide range of limit options, making it a good choice for solo attorneys or small firms. HSB offers limits from $50,000 to $1 million, so you can choose a limit that meets your law firm’s needs.
The Cyber Suite coverage includes:
- Data compromise response services
- Data compromise liability
- Identity recovery services
- Computer attack restoration
- Misdirected payment fraud
- Computer fraud
- Cyber extortion
- Network security liability
- Electronic media liability
As a customer, you have access to HSB’s eRisk Hub, which contains risk management tools, self-assessments, training modules, and incident roadmaps.
Cyber Suite cannot be purchased as a standalone policy. Most business classes that are already HSB customers are eligible for Cyber Suite and do not have to complete a separate application. To get a quote and sign up for a plan, you’ll have to contact an agent.
AM Best gave HSB an “A++” (Superior) rating, the highest possible rating.
Best for Nonprofits : CyberPolicy
Nonprofit organizations are always on a tight budget, so we selected CyberPolicy as the best insurer for this category. As an insurance agency rather than a direct insurer, CyberPolicy allows you to get multiple quotes for cyber insurance, and coverage can begin within 24 hours.
You can get an instant quote online
Coverage can begin within 24 hours
You can purchase a standalone policy or insurance package
Not a direct insurance provider
You may not be able to purchase your policy online
Limited coverage options
Launched in 2016, CyberPolicy isn’t a direct insurer. Instead, it’s an online shopping platform. Customers can fill out a form and submit their information. They’ll get quotes back from multiple insurance companies, allowing them to compare coverages and pricing so they can pick the best policies for their needs and budgets.
Coverage limits are dependent on your business, location, and industry.
With CyberPolicy, you can purchase a standalone cyber liability insurance policy or bundle cyber insurance with professional liability, workers’ compensation, or general liability protection. CyberPolicy offers multi-policy discounts, so bundling your coverages can help you save money.
CyberPolicy allows you to get a quote for cyber liability insurance online. Your insurance will include the following:
- Legal and IT forensic support
- Data recovery experts
- PR and crisis management consultants
- Lost income support
- Credit monitoring for impacted customers
- Support to pay for regulatory fees
- Payment card loss penalty protection
In some cases, you can also buy your policy online. However, that feature isn’t available to everyone. Some users will have to call an agent to purchase coverage. However you buy it, your coverage can begin within 24 hours.
Policies are backed by major companies like Chubb, Hiscox, AmTrust, Liberty Mutual, Nationwide, and biBerk. All of these companies have “A” ratings or higher from AM Best.
Best for Retailers : Travelers
Travelers is our choice as the best insurer for retailers because it has an “A++” rating from AM Best and has coverage options for merchants of all sizes. It also gives businesses access to cybersecurity experts at no extra cost, and you can get discounted training and services from security software company Symantec.
Coverage available for companies of all sizes
Access to cybersecurity expert coaches at no extra cost
Discounted training and services provided by Symantec
Must work with an agent to get coverage
Only available with a business owner’s policy
Travelers paid its first insurance claim in 1855. Since then, it has become one of the largest insurance companies in the United States, with over 30,000 employees and $110 billion in total assets.
Travelers has several cyber insurance solutions for businesses of all sizes, from small, local businesses to Fortune 500 companies. The most affordable option for small business retailers is the CyberFirst Essentials plan. Under this plan, you’re covered for the following expenses:
- Customer breach notifications
- Credit card monitoring services
- Public relations consultant retainer
- Consulting and forensic fees to identify the cause of the data breach
- Defense and settlement costs if you’re sued
As a CyberFirst Essentials customer, you’re entitled to extra support services, like access to cybersecurity expert coaches at no extra cost. You can also take advantage of discounted services and trainings offered by security software company Symantec.
Unfortunately, CyberFirst Essentials is only available in conjunction with a business owners’ insurance policy; you cannot purchase it as a standalone policy. And, it doesn’t cover added costs like cyber extortion, media liability, or misdirected payments. If you want to get a quote, you can’t do it online; you have to work with an agent over the phone or in-person.
What Is Cyber Insurance?
Almost all small businesses communicate with vendors and customers electronically now. You likely use email, accept electronic payments, and store customer information. If so, you are at risk of getting hacked or being impacted by a virus. If that happens, your computer system could be affected, but your customers and employees could be at risk, too.
General liability insurance typically only covers bodily injuries and property damage resulting from your products or services; damages from cyberattacks are usually excluded. If you don’t have cyber insurance, you could be on the hook for the expenses yourself.
A cyber insurance policy generally covers the following:
- Legal services to meet state and federal regulations
- Notification expenses to alert customers that their information was compromised
- Lost income from network outages
- Lawsuits related to employee or customer privacy
- Regulatory fines from state or federal agencies
If your business is the victim of a data breach, how you must report the incident is dependent on your industry and state and federal regulations. For example, healthcare professionals are regulated by the Health Insurance Portability and Accountability Act, which includes extensive guidance on cyber security and breach reporting.
Most insurers will require you to have antivirus and firewall software in place before they will cover you, updated at least monthly.
What Is Not Covered by Cyber Insurance?
Like all insurance policies, there are exclusions to cyber insurance’s coverage. Cyber insurance policies typically do not cover potential future lost profits, loss of value due to theft of your intellectual property, and the cost of improving or upgrading your systems or security after a data breach.
How Much Cyber Insurance Do I Need?
Cyber insurance usually has limits ranging from $100,000 to $5 million per occurrence. Most small businesses choose policies with a $1 million limit. If you have a larger business or have a higher level of risk—such as a company that faces a potential lawsuit, handles a large amount of credit card transactions, or stores sensitive information—you may want a higher limit.
How Much Does Cyber Insurance Cost?
The cost of your cyber insurance policy is dependent on a range of factors, including your industry, the size of your business, and the amount of coverage you want. Businesses that handle a great deal of sensitive customer information, such as healthcare professionals, will typically pay higher rates.
Some insurers allow you to bundle cyber insurance with professional liability, general liability, or business owners' policies. In those cases, you may qualify for a multi-policy discount.
How We Chose the Best Cyber Insurance Companies
We chose the top five cyber insurance companies listed above after reviewing 15 well-known insurers, agencies, and brokers. We evaluated each one on its available cyber insurance policies, other insurance options, and its AM Best rating. In the case of agencies and brokers, we looked at the AM Best ratings of the third-party insurers the agency worked with; companies with less than an “A-” rating were immediately eliminated from the list.