Is buying Cyber Insurance a Must Now?

Published: 2022-03-26
Last Updated: 2022-03-26 20:43:57 UTC
by Guy Bruneau (Version: 1)
1 comment(s)

"Cyber attacks are organizational risks that businesses can be exposed to with just an errant click of a mouse."[2]

I wrote a diary over 2 1/2 year ago about Cyber Insurance and I do see more articles about the benefits of getting it. This is based on the needs, the entities that requires protection and finally transfer some of the risks to an insurance company. This mean identify which data is critical to protect clients, partners and customers, where gaining unauthorized access to this data would result in business interruption. 

What are the things it can cover?

  • Covering direct costs responding to an incident 
    • Forensic analysis
    • Identify which records were leaked (personal or otherwise)
    • Containment
  • Lawsuits or claims resulting from a cyber incident
    • Legal fees (defence expenses)
  • Reputation management
    • Dealing with public relation 
  • Regulatory fines payments
    • Government penalties
    • Settlements 
  • Business interruption

More organizations are now dealing with ransomware and recovering from this type of attack is very costly and time-consuming. Cyber insurance cost will depend on the type of business and the level of cyber risks it is exposed to.

What is the cost of Cyber Insurance? AdvisorSmith Solution Inc. found that the average cost of a cyber liability policy in 2020 was $1,500 per year for $1 million in coverage, with a $10,000 deductible.[3]

According to Cloudwards, the cost of ransomware in 2021 cost the world $20 billion and expected to reach $265 billion by 2031. 32% of the victims paid the ransom and only 65% get their data back (it doesn't say in what condition).

I went back to the Cyber insurance website Zensurance that I used the last time to get a basic quote for a small IT company for 1 million in liability. This time around, this insurance company has way more categories & options to pick from. Here are a few of the options:

Finalize the policy

Are you using cyber insureance and for what kind of protection?


Guy Bruneau IPSS Inc.
My Handler Page
Twitter: GuyBruneau
gbruneau at isc dot sans dot edu

1 comment(s)


Please discuss the additional costs (and benefits) of typical policy requirements: compliance with standards, staffing technical qualifictions, etc. -- Gordon

Diary Archives