Why you should consider cyber insurance

Cyber insurance, also known as cyber liability insurance, covers an organization’s liability for a data breach involving sensitive customer information. As security breaches continue to grow, businesses should operate under the assumption that they will be breached. This entails acquiring the appropriate processes and systems to offset the cost and response time of the incident.

The Ponemon Institute recently released the 2022 Cost of a Data Breach Study report, which states that the average total cost of a data breach is $4.35 million. Factors that impact the cost include the amount of time before the breach is identified, time spent on containing the breach, the amount of stolen or lost data, and technology investments to speed response time. Other factors are harder to quantify, such as negative impact on reputation, cost of business disruption, and customer turnover.

Today, consumers are more aware of their personal data due to the prevalence of mega breaches. Take, for example, the Equifax breach, where the personal and financial details of over 140 million U.S. consumers were stolen. The incident is estimated to have cost Equifax over $400 million, with over $100 million being covered by cyber insurance.

The breach was a result of failing to patch a known bug, but it was the lag in response time and delay in disclosing the leak that resulted in a serious public relations nightmare. The delay in disclosure has left many consumers wary of how organizations are protecting their data.

In the case of Equifax, the numbers were exorbitant. While for the average organization the cost will be a fraction of that, it can still be crippling. This is where preventative and proactive actions can minimize impact. A cyber insurance policy can ensure that the business will not be overwhelmed with costs associated with lawsuits, investigations, and downtime. Premiums are based on risk factors, which can vary across organizations depending on the security policies in place. Investing in technologies such as password policy solutions to block the use of weak or leaked passwords, multi-factor authentication (MFA) to move beyond single points of vulnerability, and security automation tools to speed up incident response time can decrease premiums.

Because cyber insurance is a fairly new discipline, underwriters use qualitative assessments of a business’s risk-management procedures and risk culture. Having both preventative and proactive security measures can protect your organization in an assume-breach world.

(Last updated on April 30, 2025)
