Cyber insurance is more than just a trending topic. Yet with all the buzz, there remains much uncertainty around it. Let’s take a deep dive into some of the biggest misconceptions and what you really need to know when it comes to purchasing a cyber insurance policy for your business.

1. Cyber insurance is not for small businesses

Typically, we associate cyber attacks and security breaches with mid-market and enterprise-level organizations. But the truth is businesses of all sizes can benefit from cyber insurance. According to Forbes, “Cyber attacks on all businesses, but particularly small to medium-sized businesses, are becoming more frequent, targeted, and complex. According to Accenture’s Cost of Cybercrime Study, 43% of cyber attacks are aimed at small businesses, but only 14% are prepared to defend themselves.”

In 2023, the question should really be: can you afford not to have cyber insurance? The impact that a cyber incident can have on your company’s reputation and financials can be incredibly damaging. Small businesses may have difficulty recovering and may need to close their doors for good. As Cyber Security Magazine states, “83% of small and medium-sized businesses are not financially prepared to recover from a cyber attack.”

Bottom line: Businesses of all sizes can benefit from cyber insurance.

2. It’s completely unaffordable and out of reach

While some cyber insurance policies can be incredibly costly, several options exist, from small agencies to household names. Cost will vary based on a multitude of factors, including your cybersecurity posture and the volume of risk your business carries. You can help ensure lower costs for your policy by having visibility into your sensitive data. The more sensitive data you carry, the higher the cost of a policy. Tools like RiskAware can quickly calculate the volume of a company’s sensitive information and break it down by the total dollar amount. The total value can help insurance carriers provide more accurate quoting for your policy, and can also inspire you to take action to reduce your risk.

3. Cyber insurance is included in your general policy

Not all insurance policies are created equal, and many general business policies don’t include cyber coverage at all. Those that do typically cover only a small amount, and only for very specific incidents. Having a separate cyber insurance policy can help with events such as notifying customers of a data breach, restoring personal identities of affected customers, recovering compromised data, and repairing damaged computer systems.

Furthermore, many business leaders might not realize that some states actually require these things to be done in the event of an attack. These steps can quickly become expensive and time-consuming. Do yourself a favor and research what your current business policies do and do not cover.


Maybe you’re vigilant with the websites you visit, the strong passwords you create, and the anti-virus programs you have. While these are all great practices, they aren’t tough enough to withstand a cyber event on their own. You need that second line of defense — a backup plan when things take a turn for the worse.

As we all become more connected in our digital lives, you can expect bad actors to become more sophisticated, too. Even if you’re not quite ready to purchase a cyber insurance policy, get proactive about understanding your risk factor so that you’re better prepared in the event of a cyber incident.