3 Myths of Cyber Insurance

Cyber insurance is a relatively new sector of the insurance industry and, for many people, still unfamiliar. To help you get more familiar with it, we are going to address 3 myths of cyber insurance and show how it can be beneficial for your organization.

What is Cyber Insurance?

As with all insurance, cyber insurance helps an individual or organization have some financial security should something unfortunate happen. All the insurance policyholder has to do is pay their premiums to have that coverage. For cyber insurance, the policies are specific to dealing with damage related to a cyberattack. In the event of a cyberattack, an insurance company would pay for the resulting costs sustained by the policyholder. This could include bills for additional tech needs to recover data as well as costs related to the organization being out of commission for a period.

Because cyberattacks are a relatively new phenomenon in the larger scope of insurance history, there are still a lot of misconceptions about how cyber insurance works.

Myth 1: Only the organization that gets attacked suffers without cyber insurance.

This is not true. When an organization suffers a cyberattack, it is not the only one crippled by the attack.

Say a medical device company suffers a cyberattack. It could hinder a hospital from providing treatments that depend on the medical devices that company made. If the company’s technology is down, it can’t produce more devices, nor can it support the devices already on the market. Maybe in this example the hospital even had some of its data on the medical device company’s servers, and that data was stolen when the medical device company was hacked. Maybe the attack was even due to negligence on the part of the medical device company.

As shown in this example, a cyberattack impacts more than the particular organization that was directly attacked.

This line of thinking is part of why cyber insurance policies can have first-party coverage and third-party coverage. First-party coverage protects the organization that is attacked directly by cyber criminals, helping to pay costs for data recovery, ransomware, and other incident-related costs. Third-party coverage protects the organization from lawsuits that, in our previous example, the hospital could file against the medical device company.

Overall, it is important to have good coverage for cyber insurance because an attack will not only affect your organization and its reputation but those who do business with you as well.

Myth 2: I don’t need cyber insurance because of my general liability policy and my cyber security posture.

Also not true.

First, some general liability policies are not enough to cover the costs of a cyberattack. Many general liability policies are woefully small compared to the amounts cyber criminals are asking for in ransomware attacks. Nor are they enough to cover the costs of the organization being inoperable for a period of time.

Second, even if the amount in the general liability policy your organization has is enough, you need to be careful because the wording in the policy might not cover cyberattacks.

This is why it is important to not just have any cyber insurance policy but to have a good one that covers your bases, even if it costs a little bit more in premiums. If your organization were attacked, the costs would likely be even worse, potentially bad enough to force you to close your doors.

Third, just because you have invested in cyber security measures does not mean you are immune to cyberattacks. Just think of some of the heist movies you may have seen. Often the person being robbed thought they were safe and some criminals exploited a weakness in the security.

Myth 3: Cyber insurance isn’t worth it in the long run.

Many people think that a cyberattack will not happen to them. So the next step in their thinking is that cyber insurance is not worth the cost of the premiums.

Maybe you have good enough cyber security that you have withstood a cyberattack before. Maybe your organization has just never been in the sights of a cybercriminal to even be considered for an attack. Security through obscurity is not a great way to go when running an organization, nor is betting on lightning not striking twice.

While we hope you never have to deal with a cyberattack, hoping you don’t undergo a cyberattack is not enough to protect you if one does happen.

When you sit down to think about the kind of impact the loss of all of your organization’s data would have, you begin to understand why having a cyber insurance policy would be helpful in the long run despite the costs of premiums.


Cyber insurance is an ever-increasing sector of the insurance market as more cyberattacks have happened in recent years. One source said that in 2020 alone there was a 435% increase in ransomware attacks. As these attacks have increased in scale and sophistication, it is imperative that you and your organization take steps to protect yourselves. Work on increasing your cyber security measures and consider investing in cyber insurance.

Don’t risk the survival of your organization by leaving it all up to chance.

As always, we are here to help.