Who Pays for Your Data Breach?

Sep 30, 2021 | Blog

We spend a lot of time working on cybersecurity for small and medium businesses and non-profits. We’re working to protect their networks and data from threats and intrusions, but no defense is perfect.

Now that every state has a breach reporting law in place, you will most likely need to respond to a breach. You will also likely need to do a forensic investigation to determine what was breached and what data was accessed. Then you will be responsible for sending out notifications if protected information was involved.

The investigation and notifications for even an extremely small company (10 or fewer employees) can easily run into the tens or hundreds of thousands of dollars. Do you want to pay for all of that out of your pocket?

Cyber Liability Insurance

A crucial part of any comprehensive data security plan needs to be a solid Cyber Liability insurance policy. Much like your standard auto insurance policy covers you in the event of an accident, your cyber policy will cover you in the event of a cyber incident.

Be aware, though, that having a policy doesn’t mean you are covered no matter what. Most policies require you to do commercially reasonable things to protect your data. This means things like:

  • Running anti-virus software
  • Installing a firewall
  • Having off-site backup for your data
  • Etc.

Not having these protections in place will likely lead to your claim being denied if you ever need it.  This is similar to common exclusions found in auto policies, such as no coverage if you are engaged in racing your vehicle.

Also, much like your auto policy, not every cyber policy is created equal. You need to make sure you go over your policy with a provider that takes the time to understand your business and your exposures. You might also need to get your IT provider involved to help answer some of the technical questions about your current cyber threat exposure.

Policy Coverage

We’re experts in IT, so we’ll let the insurance pros explain the coverage options and costs. We strongly recommend using an independent agent because they have access to more policies from a variety of providers. They will be able to find the policy that is the best fit for your business, but here are some things to consider:


Just like other types of insurance coverage, you will likely have a deductible. The lower the deductible, the less you pay in the event of an incident, but you will pay more each month for coverage.

Coverage Caps

We’ve seen some policies with unexpectedly small limits on the coverage.  A good agent should be able to tell you if the policy meets your exposures.


You need to carefully read the items that are excluded from the policy and under what conditions. For example, we’ve seen policies that don’t cover things such as insider threats. Almost every policy will exclude items that you have not adequately defended against.

Ensuring You Have the Right Policy

Once again, you need to work closely with an insurance agent to make sure your cyber liability policy, and all your other insurance policies, adequately cover you. Review your coverage annually to ensure it is still right for you. We consider a good cyber policy so important that we ask every prospective client about it during our prospect interview process.

If you are unsure if you are covered, or covered as much as you should be, we can help.  Reach out to us, and we can work with you and your insurance agent to help determine the right coverage for your business.  If you don’t have an agent that can write you a policy, we can help you find a good one that will.  We are here to help protect you and your business.

Contact us here or call (844) 448-7767 for answers to your cyber insurance questions.