In the world of insurance, new risks are constantly emerging, but few have grown in both scale and impact as rapidly as cybercrime.
As businesses increasingly rely on cloud platforms, remote work infrastructure, and interconnected devices, their vulnerability to cyber threats grows dramatically. According to the FBI’s 2024 Internet Crime Report, cybercrime losses in the U.S. hit record highs: over 859,000 complaints and $16 billion in reported losses, marking a 33% increase from the year before.
And yet, many businesses and individuals remain underinsured or completely unprotected.
Let’s break down what cyber insurance actually is, the types of coverage available, and how to make sure you’re adequately protected.
What are Cybercrimes?
Cybercrimes are digital threats that can cause severe financial, legal, and operational damage to individuals and businesses alike. Cyber insurance helps protect against the fallout from these incidents, which often include:
- Data breaches – Unauthorized access to sensitive personal, financial, or business information, often resulting in exposure or theft.
- Ransomware attacks – Malicious software that locks or encrypts your systems and demands payment to restore access.
- Cyber extortion – Threats to damage, release, or withhold data unless a ransom is paid, often tied to hacking or data theft.
- Phishing or spoofing – Deceptive emails or websites designed to trick users into giving up passwords, financial data, or wiring funds.
- Downtime and lost revenue due to cyber events – Business interruption from system failures or breaches, leading to lost productivity and income.
Types of Cyber Insurance Coverage
Cyber policies typically fall into two major categories, and both are essential for well-rounded protection:
1. First-Party Coverage (Protects you): This type of coverage addresses the direct financial and operational impact on you or your business when a cyber incident occurs, including:
- Business interruption from a cyber event
Example: Your e-commerce site is taken offline by a DDoS attack, resulting in a week’s worth of lost sales.
- Data restoration and digital asset recovery
Example: A ransomware attack corrupts your customer database, requiring professional services to recover lost records and software.
- Cyber extortion/ransomware response
Example: Hackers lock your internal systems and demand a $50,000 ransom to restore access. The policy covers negotiation and payment.
- Reputation management services
Example: Following a data breach, a PR firm is hired to manage media messaging and customer communication to protect your brand.
- Fraudulent wire transfer or phishing losses
Example: An employee is tricked into wiring $75,000 to a fake vendor due to a phishing email impersonating the CEO.
2. Third-Party Liability Coverage (Protects you from others’ claims): This coverage helps protect your business from legal and regulatory consequences if others are affected by a breach involving your systems and includes:
- Privacy and network security liability
Example: Hackers steal client information from your servers, and affected clients sue for damages due to lost data.
- Regulatory fines and legal defense
Example: You are investigated and fined by the state attorney general after a data breach involving personal health information.
- Lawsuits from customers or vendors
Example: A software flaw in your platform exposes a vendor’s sensitive data, leading them to file a negligence lawsuit.
Cyber Endorsement vs. Cyber Policy
Many business owners believe they’re protected against cyber attacks because their general business insurance includes a “cyber endorsement,” a small add-on to a standard business insurance policy—such as a Business Owners Policy (BOP)—that provides basic cyber protection. It usually comes with limited coverage and lower payout limits.
A cyber policy, on the other hand, is a standalone policy built specifically to cover cyber risks. It offers broader protection and much higher limits, making it a better fit for businesses that rely on technology or handle sensitive data.
While a cyber endorsement can be a good, budget-friendly starting point, it often isn’t enough for businesses facing serious cyber threats.
To truly be protected, your policy should include:
- Coverage for your own losses (first-party)
- Coverage if others sue you (third-party)
- Protection against scams like social engineering
- Business interruption coverage if your systems go down
What Is Social Engineering?
Social engineering is when a scammer pretends to be someone you trust, like a client, vendor, or even your boss, to trick you into doing something, like sending money or revealing information.
Real World Example:
Jessica, who handles payments at her company, gets an email from what looks like a regular client.
They ask her to send a $45,000 payment to a new bank account. Everything looks normal—logo, wording, even project details. She sends the money. A week later, the real client asks why they haven’t been paid.
The email was a scam.
The money’s gone. And their insurance didn’t cover it.
The Bottom Line: If your cyber policy doesn’t specifically list social engineering, and doesn’t cover both your losses and liability to others, you probably don’t have enough protection.
Personal Cyber Insurance Is on the Rise Too
Cyber risks aren’t just for businesses. Individuals and families face growing threats from:
- Smart home device hacks
- Online scams and phishing
- Identity theft and financial fraud
- Cyberbullying or doxxing
Personal cyber insurance coverage can include:
- Digital asset loss
- Identity theft recovery
- Online extortion response
- Cyberbullying support services
This coverage is especially important for high-net-worth individuals and families with connected home tech, online investments, or reputational exposure.
If you haven’t looked into cyber insurance yet, now’s the time. Protect what you’ve built, both at work and at home.
Deland, Gibson Insurance: Providing You Peace of Mind
Deland, Gibson: A Trusted Choice, Five Star Accredited independent insurance agency. Established in Massachusetts in 1900, Deland, Gibson is a 4th-generation family-run insurance agency that has thrived working as a trusted advisor for its client base. We work with individuals and businesses to lower their Total Cost of Risk. We analyze a client’s direct and indirect costs and implement risk reduction plans to address areas of business, hazard, or strategic risk.

