X
Tech
Why you can trust ZDNET : ZDNET independently tests and researches products to bring you our best recommendations and advice. When you buy through our links, we may earn a commission. Our process

'ZDNET Recommends': What exactly does it mean?

ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.

When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.

ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.

Close

The best cyber insurance in 2021: Protect your business

The cyber insurance industry is likely to go mainstream and is a simple cost of doing business. Here are a few options to consider.
Written by Larry Dignan, Contributor
AXA | Features risk mitigation tools
axa-cyber-insurance-review.png
AXA
Features risk mitigation tools
View now View now
AIG | Three flavors of cyber insurance
aig-cyber-insurance-review.png
AIG
Three flavors of cyber insurance
View now View now
Cowbell Cyber | Next-gen cyber insurance provider
best-cyber-insurance-cowbell-cyber-review.png
Cowbell Cyber
Next-gen cyber insurance provider
View now View at Cowbell Cyber
Corvus | AI and data science can simplify cyber insurance
best-cyber-insurance-corvus-review.png
Corvus
AI and data science can simplify cyber insurance
View now View at Corvus
Travelers | Options for SMBs too
travelers-cyber-insurance-review.png
Travelers
Options for SMBs too
View now View now
Beazley | Big in cyber insurance
beazley-cyber-insurance-review.png
Beazley
Big in cyber insurance
View now View now
Allianz | Partnership with Google Cloud
allianz-cyber-insurance-review.png
Allianz
Partnership with Google Cloud
View now View now
Resilience | Targeting the mid-market companies
reslience-cyber-insurance-review.png
Resilience
Targeting the mid-market companies
View now View now
Hiscox | Specializes in small businesses
hiscox-cyber-insurance-review.png
Hiscox
Specializes in small businesses
View now View now
Show more (4 items)

Cyber insurance is quickly becoming a must-have amid cybercrime, ransomware, and daily threats. But wading through insurers can be a bit daunting.

For large enterprises, cyber policies are increasing the cost of doing business. Large firms such as Equifax, Marriott, and SolarWinds all had coverage to cushion their hits from high-profile data breaches. Smaller enterprises may not have the coverage.

With that in mind, I went shopping. 

Also: What is cyber insurance? Everything you need to know | Cyber insurance roundtable: Why cyber insurance has a supply issue

According to NAIC, AXA is the cyber insurance market share leader based on standalone policies. AXA's cyber insurance covers North America and writes policies for data breach response and crisis management, privacy and security liability, business interruption, data recovery, cyber extortion and ransomware, and PCI among others.

AXA also provides risk mitigation resources via partners, as well as an online service called CyberRiskConnect. Here's a sample policy

AIG's cyber insurance can be used standalone, or added to an existing policy as an endorsement. AIG also offers three cyber insurance products:

  • CyberEdge, which covers the financial costs due to a breach, as well as first-party costs.
  • CyberEdge Plus, which covers physical world losses caused by a cyber event, including business interruption and property damages.
  • CyberEdge PC, which can be added to traditional property and casualty policies.

AIG also offers threat scoring and analytics, as well as tools to prevent attacks. AIG has a network of vendors to restore and recover, too.

Cowbell Cyber aims to automate data collection with its cloud platform, provide observability and monitoring, and then combine it all with risk scoring, actuarial science, and underwriting. The company recently raised $20 million in venture funding

The company's portfolio includes cybersecurity awareness training, continuous risk assessment, and pre- and post-breach risk improvement services. Cowbell Cyber also has a free risk assessment service called Cowbell Factors, which adds a freemium element to selling cyber policies. 

Corvus has a host of business insurance products, but also has a bevy of first-party cyber insurance offerings for business interruption, system failure, cyber extortion and ransomware, and breach response and remediation, just to name a few.

The company, which recently raised $100 million in venture funding, uses a broker-focused approach to use AI to analyze data to predict and prevent loss. The data Corvus brings together helps policyholders, underwriters, brokers, and reinsurers address market requirements. Phil Edmundson, CEO of Corvus, said that artificial intelligence and data science can simplify the cyber insurance workflow. "If you try to read a cyber policy, even knowledgeable people would find it challenging," he said.

Travelers takes a broader approach to cyber insurance, with plans designed to mitigate risks for companies of all sizes. The insurer has cyber insurance plans for technology companies, public entities, and SMBs.

The company bundles pre- and post-breach services provided by Symantec, as well as a hub to evaluate risks. 

Travelers' policies fall into these categories:

 

Compared to the big insurers, Beazley isn't a household name, but NAIC rates the firm No. 4 with 11.2% market share just behind Travelers.

Beazley's headliner is Beazley Breach Response, which is a customized policy based on a company's situation. Beazley claims to be the "world's best designed cyber insurance solution." Beazley also covers breach response services for up to five million people. 

For companies in specific industries, Beazley looks like an option. Beazley counts healthcare, higher education, hospitality, financial services, and retail as target industries. 

Allianz provides cyber insurance on a standalone basis, but is now partnered with Google Cloud along with Munich Re under a program called Cloud Protection +. The pairing is likely to move Allianz, as well as partner Munich Re, up the cyber insurance rankings. 

While the big-name insurers are going after the large enterprises, mid-market companies may gravitate toward a specialist. Mid-market companies often have their own tech providers, since they are often ignored by large enterprise vendors.

Cyber insurance companies may also shortchange the mid-market. Resilience offers cyber insurance with a few interesting perks. First, it combines insurance and expertise like the large players. And second, Resilience includes a program where customers can earn credit to put toward security services and products.

Hiscox specializes in cyber insurance for small businesses. The firm is spending heavily on marketing, but is worth a look. The company offers a training academy to shore up small business defenses, or what it calls the "human firewall."

According to Hiscox, its cyber insurance covers lost business revenue and data recovery costs, money lost to phishing, defense against fines and privacy lawsuits, and breach response. The Hiscox policies also include digital media upgrades. However, they do not cover criminal action, fund transfer, infrastructure interruption, or prior acts of knowledge.

The future of cyber insurance

I have a few working theories about the cyber insurance market:

  • This year -- 2021 -- will be the year that cyber insurance evolves significantly. It's possible that cyber insurance will become a requirement for businesses, much like home and auto.
  • The market is dominated by massive insurers targeting large enterprises, but there will be segments of the market targeting mid-sized and smaller businesses.
  • Cyber insurance could be part of a cloud services stack. For instance, Google Cloud's partnership with Munich Re and Allianz is a start, but cyber insurance could be resold by cloud providers, web hosting, and other parts of the business technology stack.
  • While cyber insurance may become part of a tech bundle, or at least easier to acquire, there will be multiple players gunning for policies in a fragmented market. Reportlinker projects that cyber insurance will be a $70.6 billion global market in 2030, up $5.6 billion in 2019.

In any case, cyber insurance scouting needs to commence for businesses. According to the National Association of Insurance Commissioners (NAIC), the top 20 cyber insurance providers accounted for 92% of the market in the US.

More notable providers

There is a bevy of other providers -- and many insurers offer cyber insurance as part of a broader package of business offerings. Among those that looked interesting:

Editorial standards