Top 10 cyber insurance providers in the US in 2022

Top 10 cyber insurance providers in the US in 2022 | Insurance Business America

Top 10 cyber insurance providers in the US in 2022

The rapid pace of digital transformation within businesses in recent years has also given rise to unique and evolving cybersecurity challenges, which have prompted companies to find new ways to protect themselves from damaging attacks.

For many US-based businesses, cybersecurity insurance has become a popular tool for managing risk. Recent figures from Statista show that of all cyber insurance premiums written in the country, more than three-fourths are under corporate insurance. The database firm also estimates that the cybersecurity insurance sector will grow into a $20 billion industry by 2025.

This growth, however, will be triggered mainly by the rise in the number and severity of cybercrimes – including data theft, system hacking, ransomware extortion, and denial of service attacks – especially among businesses that handle sensitive information.

Read more: Biggest cybersecurity challenges to watch out for in 2022

“Cybercrime is very opportunistic,” Nathan Little, vice-president of digital forensics and incident response at cyber risk management firm Tetra Defense, told consumer information website NerdWallet. “Every company, no matter what the size, is an opportunity for a cybercriminal to make some kind of money.”

But as cyber incidents increase in complexity, cybersecurity insurance providers are also making sure that they are offering businesses coverage that matches their changing needs.

What does cybersecurity insurance cover?

Cyber insurance is designed to protect businesses against financial losses resulting from cyber incidents. Policies typically provide two types of protection, namely first-party and liability coverage. Here’s what these different types of coverages pay out for.

- First-party coverage

This type of coverage pays out for the financial losses the business incurs due to a cyber incident, including the cost of responding to a data breach, restoring and recovering lost or damaged data, lost income resulting from business interruption, ransomware attack payments, and risk assessment of future cyberattacks. Most policies also cover the cost of informing customers about the incident and providing clients with anti-fraud services.

- Liability coverage

Also referred to as third-party liability coverage, this provides financial protection against lawsuits filed by third parties, including customers, employees, and vendors, for damages caused by a cyberattack on the business. Policies typically cover court and settlement fees, and regulatory fines.

Read more: Cyber insurance claims explode in severity

How much does cyber insurance cost?

The cost of cybersecurity insurance premiums is determined by a range of factors, including the size, nature, and location of the business. Data gathered by the small business information resource website AdvisorSmith shows that the average cost of cyber insurance in the US in 2020 was $1,485 annually. The firm, however, noted that due to the spate of cyberattacks in 2021, premium prices are likely to soar as well. Here are the states where cyber insurance premiums cost the most and the least, according to AdvisorSmith’s data.

States with the most expensive cybersecurity insurance

State

Annual average premiums

Difference from national average

Minnesota

$1,708.11

15.03%

Arkansas

$1,646.50

10.88%

West Virginia

$1,629.64

9.74%

Louisiana

$1,623.94

9.36%

New York

$1,616.70

8.87%

New Jersey

$1,615.25

8.77%

Connecticut

$1,593.62

7.42%

Kentucky

$1,587.10

6.88%

Arizona

$1,581.50

6.50%

Ohio

$1,553.68

4.63%

Source: AdvisorSmith

States with the least expensive cybersecurity insurance

State

Annual average premiums

Difference from national average

Michigan

$1,339.33

-9.81%

New Mexico

$1,355.36

-8.73%

Massachusetts

$1,380.59

-7.03%

South Carolina

$1,398.83

-5.80%

North Carolina

$1,421.49

-4.27%

Wyoming

$1,426.89

-3.91%

California

$1,430.18

-3.69%

New Hampshire

$1,431.99

-3.57%

Illinois

$1,434.59

-3.39%

Delaware

$1,446.47

-2.59%

Source: AdvisorSmith

Read more: Cyber insurance pricing 'no longer a black box'

Top cybersecurity insurance companies in the US

To find out the best insurance companies in the country offering cybersecurity protection, AdvisorSmith considered a range of factors that “reflect an insurer’s financial strength, customer satisfaction, and ease-of-use.” The resource website then used its proprietary algorithm to calculate the scores, with a rating of 5.0 being the highest. Here are the insurance providers that came out on top.

Rank

Insurer

AdvisorSmith rating

Policy name

Key coverage features

1

Hiscox

4.9

Cyber Security Insurance

  • Privacy, data, and network exposures
  • Costs to respond to a breach, including access to pre- and post-breach response services
  • Employee cyber training program includes certificates of completion
  • Costs of defending and resolving claims for statutory violations, negligence, regulatory investigations, and breach of contract
  • Optional coverage for cybercrime, cyber deception, social engineering, and business interruption
  • Worldwide coverage

2

Chubb

4.8

Cyber Enterprise Risk Management (Cyber ERM)

  • Coverage designed to address evolving regulatory, legal and cybersecurity standards
  • Easy-to-read form
  • Clearly labeled exclusions with competitive carve-backs
  • Payment card loss coverage built into the base form
  • Discovery-based coverage at a control group level
  • Enhanced business interruption and extra expense language coverage
  • Broadened definition of protected information includes biometrics, internet browsing history, and personally identifiable photos and videos
  • Extortion expenses explicitly include Bitcoin and other cryptocurrencies
  • Coverage territory applicable to anywhere in the world

3=

AIG

4.7

CyberEdge

  • Third-party claims arising from failure of the insured’s network security or a failure to protect confidential information
  • Investigation and defense of regulatory actions arising from failure of the insured’s network security or a failure to protect confidential information
  • Payment Card Industry Data Security Standard (PCI-DSS) assessments
  • Costs of notifications, public relations, and other services to assist in managing and mitigating a cyber incident
  • Legal consulting and identity monitoring costs for victims of a breach
  • Forensic investigation costs
  • Costs to restore electronic data
  • Business interruption and certain expenses due to a covered cyber event
  • Reimbursement of ransom payments

3=

The Hartford

4.7

CyberChoice

  • Data privacy and network security liability coverage
  • Coverage for privacy regulatory matters
  • Media liability coverage
  • Incidence response coverage
  • Cyber extortion coverage
  • Network asset restoration expenses
  • Business interruption costs
  • Dependent business interruption costs
  • Pre-claim assistance
  • Post-incident remediation expenses

5

CNA

4.6

Cyber Insurance

  • Network failure costs
  • Dependent business income
  • Wrongful collection coverage
  • Broad media coverage
  • E-theft and social engineering coverage
  • Reputational harm
  • Voluntary shutdown
  • Payment Card Industry (PCI) coverage

6=

Arch Insurance

4.5

Arch Netsafe 2.0

  • System failure coverage
  • Dependent business interruption coverage
  • PCI-DSS assessments and regulatory fines and penalties
  • First-party data incident response expense
  • “Bring Your Own Device” included within computer system definition
  • Carve-back for cyberterrorism
  • Carve-back to the contract exclusion for PCI
  • Data security and non-disclosure agreements
  • Media liability coverage
  • Coverage available for business interruption and cyber extortion

6=

Hanover

4.5

Cyber Advantage

  • Privacy and security liability
  • Breach event expense
  • Breach reward expense
  • Cyber business interruption and extra expense
  • Cyber extortion response costs
  • Cyber theft
  • Breach at a third-party
  • Cyber media liability
  • Fines and penalties

8

Intact

4.4

Privacy Breach Coverage

  • Remediation expense coverage
  • Business interruption coverage
  • Legal expense coverage
  • Worldwide coverage for up to 60 days
  • Cyber extortion
  • Smart phone coverage

9=

Axis

4.3

Axis Cyber Insurance (ACI)

  • Business interruption:
  • Includes voluntary shutdown of the business’ network
  • Generous period of restoration up to 180 days
  • Reputational harm coverage for 12 months
  • Forensic accounting costs to prepare proof of loss documentation
  • Interim payments to increase the speed with which claims are covered
  • Other first-party coverage considerations:
  • Coverage for undiscovered cyber events
  • Most cover is on a “Pay” rather than “Reimburse” basis to help manage cash flow following a cyber incident
  • Data recovery includes upgrades
  • Funds to replace electronic devices and equipment
  • Cybercrime cover for social engineering, business email compromise, cryptojacking, and theft of telecommunications services
  • General coverage considerations:
  • Privacy regulatory cover includes GDPR and CCPA and other consumer privacy protection laws
  • Cover for private actions under BIPA and other law regulating collection and use of biometric information available by endorsement
  • Privacy incident includes all activities regulated under a privacy regulation
  • PCI-DSS covers card re-issuance costs, fraud, and administrative reimbursement assessments, forensic investigation costs, fines, and penalties
  • Cyber terrorism

9=

Beazley

4.3

Beazley Breach Response (BBR)

  • Up to $5 million coverage for data breach notification and credit/identity monitoring
  • Privacy breach response services include:
  • Legal and computer forensic services
  • Discretionary notice to individuals potentially affected by the breach
  • Resolution and mitigation services,
  • Identity theft-related fraud resolution services
  • 12 free months of identity monitoring
  • Theft, loss, or unauthorized disclosure of information held by business associates for organizations required to comply with the Health Insurance Portability and Accountability Act (HIPAA)
  • Third-party coverage includes:
  • Third-party information security and privacy coverage with up to $15 million in limits in addition to the breach response coverage
  • Regulatory defense and penalties
  • Website and offline media liability
  • PCI fines, penalties, and assessments
  • Cyber extortion
  • First-party business interruption and data protection with limits up to $15 million.