How Does Cyber Insurance Work?

By Travelers
4 minutes
Cyber Resources
Graphic of secure cybersecurity practices.

The cost of dealing with a data breach goes beyond repairing databases, strengthening security procedures or replacing lost laptops. Regulations requiring notifications to affected customers also drive up costs for companies when a data breach compromises personal or confidential data. Traditional business insurance may not be enough to protect companies from cyber crime. But just how does cyber insurance work?

Typically, there are a number of different coverages available. To have the coverage that is right for your company, you and your agent can work together to tailor the coverages based on the specific risks your business faces. Following are some explanations of typical elements of a Travelers cyber insurance policy.

Types of Coverage

What cyber insurance does: Companies have an obligation to keep their customers’ protected health information (PHI) and personally identifiable information (PII) confidential. They may face potential liability if the information is exposed in a data breach. This coverage protects companies for liability to others and reimburses companies for expenses related to a data breach, which could include legal counsel and defense, a digital forensics team, notification costs, crisis communications and setting up a call center and credit monitoring for those affected by the data breach.

Why cyber insurance is important: Many companies store their customers’ confidential information, PHI and PII, as well as confidential corporate information, either for themselves or for another company. For example, an employee benefits company may have personnel records for the employees of dozens of companies it serves, which can mean that a single breach presents the potential for a significant liability.

Third-Party (liability) and First-Party Coverage

What it does: Companies have an obligation to keep their customers’ protected health information (PHI) and personally identifiable information (PII) confidential. They may face potential liability if the information is exposed in a data breach. This coverage protects companies for liability to others and reimburses companies for expenses related to a data breach, which could include legal counsel and defense, a digital forensics team, notification costs, crisis communications and setting up a call center and credit monitoring for those affected by the data breach.

Why it’s important: Many companies store their customers’ confidential information, PHI and PII, as well as confidential corporate information, either for themselves or for another company. For example, an employee benefits company may have personnel records for the employees of dozens of companies it serves, which can mean that a single breach presents the potential for a significant liability.

Worldwide Coverage

What worldwide coverage does: Claims and events can occur anywhere in the world, and notification requirements differ by location. To help fulfill these requirements, policyholders can access Travelers’ network of forensics, crisis communications and legal experts to address claims made or events occurring anywhere in the world.

Why world-wide coverage is important: If a company has a data breach, it must follow the privacy laws that govern where its customers live, not just where it is headquartered. This can be costly, confusing and time-consuming for a company without specialized resources.

Other Coverages

Travelers CyberRisk insurance against cyberattacks also includes betterment coverage. This provides for costs to improve a computer system after a security breach, when improvements are recommended to eliminate vulnerabilities that could lead to further breaches.

Distinct Insuring Agreements (with the ability to set limits and retentions for each insuring agreement)

What it does: Having separate insuring agreements allows companies to be covered for different risks, at different levels. This gives companies more protection as companies can choose to set a higher limit for a specific risk, based on their business’ unique needs.

Why it’s important: There are a number of different ways that cyber crime can affect a company, from e-commerce extortion to funds transfer fraud. Having distinct insuring agreements helps protect against a diverse set of risks.

Extended Reporting Period

What it does: This gives companies more time to detect and report a data breach. It extends the reporting period, typically 90 days, and includes crisis management and security breach expense coverage.

Why it’s important: Given the nature of data breaches, a company might not realize that it suffered a breach until after the end of the cyber policy.

First-Party Coverage for Computer Program and Electronic Data Restoration Expenses

What it does: This coverage reimburses companies for expenses related to recovering from damages to computer programs and electronic data.

Why it’s important: Not all cyber claims are related to an actual data breach. For example, malware downloaded from an email could lead to lost, encrypted or otherwise damaged files, requiring expenses to repair and restore.

Business Interruption Coverage

What it does: This coverage applies to expenses and lost revenue due to a computer virus or denial-of-service attack that impairs a computer system.

Why it’s important: While many companies may have business interruption coverage as part of their property coverage, cyber crimes may not be covered.

Your coverage for security breach remediation and notification expenses would include purchasing an identity fraud insurance policy, credit monitoring services, computer forensics and access to a Breach Coach for advice regarding initial breach response.

Cyber insurance also can help protect you before a breach. Travelers customers have access to risk management services, cyber security experts and other resources to help prevent a data breach. Perhaps just as importantly, having cyber insurance can help prepare your company to respond effectively in the critical hours and days following a data breach. 

Illustration cyber security practices in place with a red padlock.

Top Stories

5 Cyber Readiness Practices to Boost Your Cybersecurity

Cyber risk is the No. 1 concern across all businesses. Improve your defense and explore five cyber safety best practices to help boost your company's security.

Learn More

Related Products & Services

Cyber Insurance for Small Businesses

Provides coverage to help cover the costs of a data breach for things like customer notifications and PR communications.

More Prepare & Prevent

More Prepare & Prevent

4 Steps to Help Manage a Data Breach

It is critical that business owners know what to do in the event they are breached.

Two employees looking at computer screen managing data breach.
2 minutes

More Prepare & Prevent

Top 5 Cyber Risks for Businesses

Learn about some of the top cyber risks and what they may mean for your business, regardless of size.

Laptop left open and alone on a chair.
3 minutes

More Prepare & Prevent

Cyber Risk Pressure Test

Cybercrime has become increasingly frequent, complex and costly. What could your company be doing to better manage the risk? Take our four-part questionnaire to find out. #HarnessRisk

Red padlock with checkmark icon set atop a grey world map.
5 minutes
Explore More Articles

Related Content

Travelers Cyber Advantage Helps Businesses Understand Cyber Coverage

See How Travelers Can Help Uncover Cyber Risks

Business person smiling and carrying a red folder.

Find an insurance agent

Get coverage for your unique professional risks.

FIND AN AGENT