Cyber Insurance Summarized

Cyber as an insurance product has been around since the late 1990’s.

In the beginning, it was just known as cyber liability. The coverage was initially designed to pay a company’s legal costs if they were sued over a data breach. Over the years, cyber threats continued to evolve to a point that cyber crime is now the fastest growing type of crime in the world.

The main reason for this is that criminals have realized it is both safer, and far more lucrative to attack a business from behind a screen than in person. 

Increased Reliance on Technology

Almost every business relies on technology to operate today, and even small companies need basic systems like email, payment processing, and cloud storage to function effectively.

Hackers are targeting Vulnerable, not Valuable companies. Prioritizing volume rather than size has shifted the dynamic. The truth is that attackers don’t need to go after the biggest firms anymore. They go after the easiest opportunities. It’s like choosing between one $100 bill locked in a safe and five open boxes with $20 each. Smaller or mid-sized businesses still carry risk, and they’re usually easier to go after.

Businesses are facing risks that are new and constantly changing. A phishing email used to have grammatical errors and spelling mistakes which were easy to spot; now a cyber criminal can use AI deepfake technology to create a video chat with someone that looks exactly like a company’s CEO. The pace of change is exactly why the coverage is so important.   

What Does Cyber Insurance Cover?

For most businesses, the value of their intangible assets now far exceeds their physical ones. This has directly led to a significant increase in losses from ransomware, data theft, and system shutdown. To help business owners protect themselves, modern cyber insurance has now expanded to become “all risk”, meaning it covers any loss, theft or destruction of their intangible digital assets. A good policy helps in three areas:

1. Coverage for Intangible Assets: This includes everything from employee and customer information to critical business data and systems.
2. Protection against Cyber Crime: External examples of this could be ransomware, funds transfer fraud, and social engineering.
3. Vulnerability monitoring and immediate access to an incident response team when something goes wrong.

Cyber insurance often picks up areas lacking by other commercial policies. For example, standard business interruption coverage protects lost revenue from events like fires or floods, but usually excludes any tech-related shutdowns or supplier disruptions. If a supplier is hacked and can’t deliver their service, dependent business interruption coverage on a cyber policy will help cover the resulting lost revenue. Cyberattacks can also affect multiple locations at once, which only increases the loss. 

Why Does it Remain Unsold?

Despite everything up to this point, the statistics might be surprising that fewer than 10% of small/medium enterprises purchase a cyber policy.

There are a few key reasons why:

1. Clients are not properly informed by their broker
2. Business owners still don’t believe they have an exposure
3. Cost and perceived value of the product

Cyber is both a coverage and service product. It comes with a promise to protect, but where is the line between insurance and security? Between being proactive vs reactive? As things continue to develop, we start to see this line become increasingly grey. What is clear is that security and insurance are equally important for modern businesses. 

What Impacts Cost and Perception?

While the last point above focuses on cost as a primary contributor for slow growth in cyber; premiums are actually at an all-time low and coverage is broader than ever. The real challenge isn’t cost; it’s perception of value. Allianz ranked cyber incidents as the number one global risk in 2025. Just ten years ago it was ranked number eight. Cyber often costs less than many other types of commercial coverage, but getting people to see its value can be challenging because, as with most insurance products, the benefits aren’t immediately apparent. It often takes experiencing an event or breach to fully understand. In today’s environment, I believe it offers more value than almost any other policy a business can buy.

If cost does happen to be the main holdup, there are several ways for businesses to work with insurance companies to lower premiums.

Commonly recommended cybersecurity controls include:

• Email Security
• Multifactor Authentication (MFA)
• Endpoint detection and response (EDR) or managed detection and response (MDR)
• Segregated Data Backups
• Employee Awareness Training
  
  

ALCiT is a great partner to provide these services, as well as many others. Implementation of these practices translates to reduced risk of attacks, favorable insurance rates, and enhanced confidence. While these five practices significantly reduce overall risk, it is also important to recognize that cybersecurity is a never-ending battle. 

Questions to Ask Yourself

For anyone still unsure or questioning whether this applies to them, it’s important to start by asking the right questions:

• How seriously do you consider data privacy?
• What cyber practices do you currently have in place?
• Have you ever experienced a cyber attack?
• Do you process or receive payments electronically?
• Do you store sensitive information, such as personal data or critical business records?
• How long could your business operate without access to its data and systems?
• Do any of your employees work remotely?
• Are you confident that you or your employees will never make a mistake?
• And most importantly, if you were breached today, who would you call?
  
  

If any of these questions made you think about areas you hadn’t before, then we’re moving the conversation in the right direction. The biggest challenge is simply having the discussion. Changing perception of cyber risk doesn’t happen overnight, but thinking about it today is the first step.

About the Author

Ethan Webber is a Saskatchewan based Cyber Insurance Specialist. He works with businesses to cut through complexity, understand their cyber risks, and secure coverage that actually fits. He runs an internal cyber insurance program that assesses and improves security postures to ensure his clients are properly protected.

Ethan’s goal is to make cyber insurance simple yet effective. With expertise in coverage options and experience working with reputable carriers, he makes it easy to provide individualized quotes. Outside of the office, Ethan enjoys playing the guitar, unwinding with a novel, and spending some quality time with his family.