Why you can trust ZDNet
ZDNet independently tests and researches products to bring you our best recommendations and advice. When you buy through our links, we may earn a commission.Our process
'ZDNet Recommends': What exactly does it mean?
ZDNet's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.
When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNet nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.
ZDNet's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.
Cyber insurance is quickly becoming a must-have amid cybercrime, ransomware, and daily threats. But wading through insurers can be a bit daunting.
For large enterprises, cyber policies are increasing the cost of doing business. Large firms such as Equifax, Marriott, and SolarWinds all had coverage to cushion their hits from high-profile data breaches. Smaller enterprises may not have the coverage.
According to NAIC, AXA is the cyber insurance market share leader based on standalone policies. AXA's cyber insurance covers North America and writes policies for data breach response and crisis management, privacy and security liability, business interruption, data recovery, cyber extortion and ransomware, and PCI among others.
Cowbell Cyber aims to automate data collection with its cloud platform, provide observability and monitoring, and then combine it all with risk scoring, actuarial science, and underwriting. The company recently raised $20 million in venture funding.
The company's portfolio includes cybersecurity awareness training, continuous risk assessment, and pre- and post-breach risk improvement services. Cowbell Cyber also has a free risk assessment service called Cowbell Factors, which adds a freemium element to selling cyber policies.
Corvus has a host of business insurance products, but also has a bevy of first-party cyber insurance offerings for business interruption, system failure, cyber extortion and ransomware, and breach response and remediation, just to name a few.
The company, which recently raised $100 million in venture funding, uses a broker-focused approach to use AI to analyze data to predict and prevent loss. The data Corvus brings together helps policyholders, underwriters, brokers, and reinsurers address market requirements. Phil Edmundson, CEO of Corvus, said that artificial intelligence and data science can simplify the cyber insurance workflow. "If you try to read a cyber policy, even knowledgeable people would find it challenging," he said.
Travelers takes a broader approach to cyber insurance, with plans designed to mitigate risks for companies of all sizes. The insurer has cyber insurance plans for technology companies, public entities, and SMBs.
The company bundles pre- and post-breach services provided by Symantec, as well as a hub to evaluate risks.
Travelers' policies fall into these categories:
CyberRisk, a broad policy for companies of all sizes that can be standalone or part of another liability policy.
Compared to the big insurers, Beazley isn't a household name, but NAIC rates the firm No. 4 with 11.2% market share just behind Travelers.
Beazley's headliner is Beazley Breach Response, which is a customized policy based on a company's situation. Beazley claims to be the "world's best designed cyber insurance solution." Beazley also covers breach response services for up to five million people.
For companies in specific industries, Beazley looks like an option. Beazley counts healthcare, higher education, hospitality, financial services, and retail as target industries.
Allianz provides cyber insurance on a standalone basis, but is now partnered with Google Cloud along with Munich Re under a program called Cloud Protection +. The pairing is likely to move Allianz, as well as partner Munich Re, up the cyber insurance rankings.
While the big-name insurers are going after the large enterprises, mid-market companies may gravitate toward a specialist. Mid-market companies often have their own tech providers, since they are often ignored by large enterprise vendors.
Cyber insurance companies may also shortchange the mid-market. Resilience offers cyber insurance with a few interesting perks. First, it combines insurance and expertise like the large players. And second, Resilience includes a program where customers can earn credit to put toward security services and products.
Hiscox specializes in cyber insurance for small businesses. The firm is spending heavily on marketing, but is worth a look. The company offers a training academy to shore up small business defenses, or what it calls the "human firewall."
According to Hiscox, its cyber insurance covers lost business revenue and data recovery costs, money lost to phishing, defense against fines and privacy lawsuits, and breach response. The Hiscox policies also include digital media upgrades. However, they do not cover criminal action, fund transfer, infrastructure interruption, or prior acts of knowledge.
While cyber insurance may become part of a tech bundle, or at least easier to acquire, there will be multiple players gunning for policies in a fragmented market. Reportlinker projects that cyber insurance will be a $70.6 billion global market in 2030, up $5.6 billion in 2019.
In any case, cyber insurance scouting needs to commence for businesses. According to the National Association of Insurance Commissioners (NAIC), the top 20 cyber insurance providers accounted for 92% of the market in the US.
More notable providers
There is a bevy of other providers -- and many insurers offer cyber insurance as part of a broader package of business offerings. Among those that looked interesting: