Exclusive: Do businesses need cyber insurance in 2022?


Share this content


The world is becoming more data-oriented, especially as new business technologies emerge. Small businesses (SMBs) can leverage technology to increase their return on investment (ROI) and meet their bottom line.

There’s no denying that cybercrime is rampant and it’s here to stay. This can create new challenges for SMBs and managed service providers (MSPs). The number of cybercrimes is increasing over time and the COVID-19 pandemic has only put more pressure on companies in various industries to reconsider their cybersecurity measures.

Cyber insurance, also known as cyber-liability insurance, may be necessary for businesses, especially if they want to avoid paying high costs to recover from cybercrime. There are specific factors to consider before getting cyber insurance.

Here are the pros and cons of cyber insurance, some types of businesses that benefit from it and why they should consider getting a policy in 2022.

Overview of cyber insurance

The concept of cyber insurance is fairly straightforward. It’s a policy a company can hold that helps protect their organisation from the fallout of cyberattacks and other incidents, such as malware, viruses, phishing or social engineering tactics.

Any computer or network-based incident that impacts a company can be costly. For example, according to research from IBM, data breach costs increased from US$3.86 million to US$4.24 million in 2021. This is the highest average total cost of data breaches in 17 years since IBM began reporting.

The costs associated with recovering from a cyberattack are high, so it’s worth exploring the options available to prevent these attacks. Companies will use best cybersecurity practices, such as implementing firewalls, antivirus software, anti-malware software and other IT protection measures.

However, hackers are becoming more innovative in their tactics. It’s even been reported that they have leveraged artificial intelligence (AI) to maneuver their way into computer networks. Sometimes, these cybersecurity measures are not enough to truly protect an organisation.

Pros and cons of cyber insurance

The state of cybercrime today means the focus should be on not if a cyberattack will happen but when. This is why having protections in place is vital for all companies. Here are some of the pros and cons that companies should expect when implementing a cyber insurance policy.


According to Jack Kudale, Founder and CEO of Cowbell Cyber, cybersecurity insurance offers three types of crucial protections. They are:

  • A loss of revenue or other income due to cyber disruptions
  • Expenses incurred when recovering from a cyber incident
  • Liability from lawsuits filed by consumers impacted by a cyber attack

Two other important advantages of cyber insurance are that organisations recover from incidents more quickly and at reduced costs. Additionally, policies provide a safety net for organisations that transfer risk to a third party while establishing security controls.


Some of the disadvantages of cybersecurity insurance include high premiums — which are on the rise — and the idea that companies may never even need to file a claim. These policies can be complex and confusing, especially for smaller businesses without a dedicated IT department.

Some cyber insurance programs have exclusions or criteria that must be met before receiving coverage for a cyber incident. Brokers may not provide the value of certain policies, making it challenging for organisations to understand what they’ll get.

Overall, cyber insurance can be an effective way to protect an organisation. However, it’s not a panacea — companies can still implement a strong cybersecurity program to protect their assets, such as sensitive data, before deciding to open a policy.

Businesses that benefit from cyber insurance

Some industries are more susceptible to cyberattacks than others. For example, the healthcare industry stores sensitive, private patient information, which is a major target for hackers and other malicious actors.

Here are some of the types of businesses that should consider getting cyber insurance based on an increased chance of experiencing an attack.

  • Any business that stores important information online or on company devices
  • Businesses with large customer bases
  • Companies with valuable assets and high revenue

Healthcare providers, banks, law firms, hotels, retailers, charitable organisations and professional service providers are all examples of businesses that should consider protecting themselves with cyber insurance.

Most cyber insurance policies include coverage for property damage, intellectual property crimes, self-inflicted cyber incidents and the costs associated with implementing protective measures. That includes employee training or setting up a virtual private network (VPN).

Consider cyber insurance in 2022

Coverage varies based on the cyber insurance provider itself, so it’s worth researching which company offers the best bang for the buck.

Insurance agents can help companies determine which plan is most suitable to ensure the best coverage and protection. Cyber insurance in 2022 may be the last line of defence when businesses experience a cybersecurity incident.

Devin Partida is a technology writer and the Editor-in-Chief of the digital magazine, ReHack.com. To read more from Devin, check out the site.

Receive the latest breaking news straight to your inbox