Cyber Insurance: What It Is, How to Get It
Any business with an internet connection is at risk of a data breach. Cyber insurance can help protect you.

Cyber insurance protects businesses against the financial losses that follow data breaches, hacking, ransomware extortion payments and more. If your small business stores sensitive information online or on a computer, you should have at least some cyber insurance coverage.
Some insurers offer data breach insurance as an add-on to a business owner’s policy, or BOP. That’s a good choice for most customer-facing small businesses. If you need more comprehensive coverage, you can buy an individual cyber insurance policy.
Here's what cybersecurity insurance covers and where you can get it.
What is cyber insurance?
Cyber insurance protects your business from the fallout after someone steals your customers’ data. This is a relatively new kind of business insurance, so it isn’t as standardized as some other policy types.
Cyber insurance can come in several forms. These include:
- Data breach insurance. This coverage focuses on the unauthorized access or exposure of private data directly from your company. That could include your business’s financial data, customer credit card numbers or employee data, like Social Security numbers. It’s often available as an endorsement on a BOP.
- Cyber liability insurance. This protects your business if a third party sues you for damages as a result of a cybersecurity incident. It can pay for attorney and court fees, settlements and judgments, and regulatory fines. You may be able to add this onto a general liability insurance policy or buy it separately.
- Technology errors and omissions. This specialized E&O insurance policy kicks in if one of your customers suffers a cybersecurity incident because of an error on your part. You should buy this coverage if your business manufactures a technology product or provides technology services. Most other businesses don’t need it, though.
What does cyber insurance cover?
Cyber insurance can pay out to cover ransom payments, investigation of a cyberattack, lost revenue while your business recovers, providing credit monitoring services for customers and more.
Data breach insurance is most commonly available as an add-on to a BOP. It can generally cover:
- Notification. Many states have requirements for how quickly businesses must notify affected customers. Data breach insurance can help pay for some or all of the cost of properly telling customers about the breach and explaining what information was stolen. Many policies also cover the costs of providing affected customers with anti-fraud services, like identity theft monitoring. This can also include public relations costs.
- Investigation. Data breach insurance can pay a third-party company to investigate the breach, determine how it happened and advise on how to prevent future incidents.
- Income loss. Some insurers offer additional policy coverage to replace lost income if you have to temporarily close your business after a data breach.
- Extortion threats. Some insurance policies will pay out to cover a ransom if it’s necessary to recoup your data. According to Verizon’s 2025 Data Breach Investigations Report, 88% of small-business data breaches involved ransomware. The median amount businesses paid in ransoms was $115,000.
Cyber insurance usually includes the data breach coverages above. It also usually contains “cyber liability insurance,” which covers the costs below. These are similar to the expenses covered by general liability insurance, but general liability policies usually exclude coverage for data-breach-related liability claims.
Cyber liability insurance covers:
- Attorney and court fees. Cyber insurance can cover the cost of defending your business in court or arriving at a settlement.
- Settlements and court judgments. If a court finds your business liable, your cyber liability policy can help cover the cost of your settlement or punitive judgment.
- Regulatory defense. This might include the cost of hiring attorneys to work with regulators, then paying the fines and penalties they order up to the policy limit.
What does cybersecurity insurance exclude?
Cybersecurity insurance does not pay for:
- Property damage. Cybersecurity insurance generally doesn’t pay for any property damage stemming from a data breach or cyberattack, like hardware that was fried during the incident. These sorts of claims are usually covered by commercial property insurance.
- Intellectual property. IP theft and any lost income associated with it are usually excluded from cybersecurity insurance coverage.
- Crimes or self-inflicted cyber incidents. If an employee steals data from your business’s servers or makes it possible for someone else to do so, cyber insurance probably won’t cover you. Commercial crime insurance covers theft by employees.
- Costs for preventive measures before an attack happens. Steps to help you avoid a future cyberattack, like training employees on cybersecurity and setting up a virtual private network, aren’t covered by insurance. They might help reduce your premiums, though.
What is tech E&O insurance?
Tech E&O insurance is relevant if you design or manufacture technology-related products, including software, or perform technology services for clients. Your business needs it if, for example, you develop software or perform IT services.
Other companies generally need straightforward cyber insurance policies or E&O policies, not tech E&O policies.
Which businesses need cybersecurity insurance?
Cyber threats don’t apply only to large companies — the FTC says they’re a problem for companies of all sizes. But cyber insurance is especially important if:
- Your business stores customer data. If your business keeps records of phone numbers, credit card numbers or Social Security numbers — either in the cloud or on a local network — you are at risk of a cyberattack. You should consider data breach insurance.
- Your business has lots of customers. Notifying customers of data breaches is often required by state law, and first-party policies can cover this cost, which can be significant for companies with large customer bases.
- Your business has high revenue or valuable digital assets. The costs associated with cyber incidents can be difficult to predict, and larger companies are likely to have more valuable data, which could come with a more expensive ransom.
If you aren’t sure about whether you need cyber insurance, talk to a local business insurance agent. They can help you assess your risk level and understand how much coverage might cost.
Best cybersecurity insurance options
Consider the following business insurance companies for your cyber insurance coverage.
Chubb
Chubb’s Cyber ERM (Enterprise Risk Management) policy can help protect your business finances in the face of lots of different costs. It covers ransom payments, data recovery, customer notification and legal defense costs, if any. Plus, it can also pay out to help make up for the income your business loses while it recovers. You may be able to purchase a policy online. Read NerdWallet’s review of Chubb small-business insurance.
The Hartford
The Hartford allows you to tack data breach insurance onto a business owner’s policy or general liability insurance policy. Its cyber coverage can help cover the costs of notifying your customers of the hack, investigating what happened and defending your business in court, if necessary. Read NerdWallet’s review of The Hartford business insurance.
Do you need technology errors and omissions coverage? The Hartford offers that, too. Look for the FailSafe Technology Errors and Omission policy.
Travelers
Travelers offers a wide range of cyber insurance coverages, including cyber liability insurance tailored to a variety of fields and technology errors and omissions insurance. Smaller businesses may want to consider the company’s CyberFirst Essentials package, which covers data breach investigations, notifications to customers and legal defense and settlement costs. You’ll have to work with an agent to get a quote. Read NerdWallet’s review of Travelers business insurance.
How much does cyber insurance cost?
Coverdash, an online insurance broker, shared insurance cost data with NerdWallet in 2026. The median cyber insurance premium was:
- E-commerce merchants: $1,500 per year.
- Software publishers and small developers: $1,800 per year.
- Pre-seed startups: $2,000 per year.
For comparison: The median cost of a cyberattack in 2023 was a little more than $16,000, according to a survey from global insurer Hiscox. (The survey included data from eight countries, not just the U.S.) And 53% of firms were on the receiving end of cyberattacks. If your company faced a breach of that size, buying insurance could actually save you money: you’d pay far less in premiums than you would to recover from the attack.
Adding data breach insurance onto another policy is generally the cheapest way to get coverage. For instance, The Hartford says its average customer pays $320 for coverage. However, if you need liability coverage, you should consider a dedicated cyber insurance policy — even if it costs more.
How much cyber insurance coverage do you need?
Most small businesses carry around $1 million in per-occurrence and aggregate limits. That means your policy will cover up to $1 million for any single incident and a total of $1 million over the life of your policy, which is usually one year.
To figure out how high your limits need to be, think about how many records you store. According to IBM’s 2025 Cost of a Data Breach report, the cost of recovering from cyberattacks depends on what kind of data is stolen:
- Personally identifying information (PII) about employees: $168 per record.
- PII about customers: $160 per record.
- Anonymized customer data: $115 per record.
Industries with more PII on file tend to face costlier data breaches. According to the IBM report, healthcare and the financial sector paid the most on average to recover from data breaches. Retail and communications were near the bottom of the list.
Put all this information together as you decide how much coverage you need. An insurance agent can help you understand your risks and get specialized coverages if you need them.
Article sources
1. Federal Trade Commission. Cyber Insurance.
2. Hiscox. Hiscox Cyber Readiness Report 2023.
3. IBM. Cost of a Data Breach Report 2025.