
Cyber Breach Insurance: How Much Does it Cost?

By: Brand Barney, SecurityMetrics

Simple financial protection from data compromise.

There are three types of businesses.

  1. Those that have been hacked
  2. Those that don’t know they’ve been hacked
  3. Those about to be hacked

Many organizations don’t think a data breach can happen to them. They believe data thieves are only interested in giant corporations with hundreds of thousands of customers. However, according to Raytheon, 97% of networks will experience a security compromise over any given six-month period.

Regardless of how the breach happened, a business does not walk away from it without financial loss and/or brand damage. A breach disrupts day-to-day operations, usually hits when you least expect it, and is extremely inconvenient.


We have to face a hard truth: no business is immune to compromise, no matter how small or large. That’s where cyber breach insurance, paired with excellent security practices, can help.


What does a data breach cost?

I can’t discuss cyber insurance without laying out just how much a breach could cost. The figures below will vary with your size, how many customer cards were stolen, how the attackers got into your organization, whether you knew about the vulnerabilities they used and left them unaddressed, and so on.

If breached, you may be liable for only a few of these costs, or you could be expected to pay more than I’ve listed. It all depends on the scale of your breach.

  • Merchant processor compromise fine: $5,000 – $50,000
  • Card brand compromise fees: $5,000 – $500,000
  • Forensic investigation: $12,000 – $100,000
  • Onsite QSA assessment following the breach: $20,000 – $100,000
  • Free credit monitoring for affected individuals: $10 – $30 per card
  • Card re-issuance penalties: $3 – $10 per card
  • Security updates: $15,000+
  • Lawyer fees: $5,000+
  • Breach notification costs: $1,000+
  • Technology repairs: $2,000+
  • Increase in monthly card processing fees: amount varies
  • Federal/municipal fines: amount varies
  • Legal fines: amount varies

  Estimates by SecurityMetrics QSAs.

Now that you understand just how important cyber insurance is to the financial stability of your organization, what should you expect to pay for it?

How much is cyber breach insurance?

Depending on how much coverage you want after a breach, your size, your annual revenue, and your industry, cyber insurance premiums can cost from $650 to $120,000 annually.

When you might not need cyber insurance

You might not need standalone cyber insurance if your Payment Card Industry Data Security Standard (PCI DSS) compliance vendor already covers you. Let me explain.

Most PCI vendors offer a limited guarantee on their PCI compliance services: if a breach occurs despite their services, you may be reimbursed up to $100,000 per Merchant Identification Number (MID). This breach protection is like a lifeboat that keeps you and your crew afloat after your ship starts to sink. Keep the cap in mind, though: measured against the cost ranges above, $100,000 per MID comfortably covers a small card-data breach, but not the upper end of card brand fees or a large forensic investigation on its own, so read the guarantee’s terms and exclusions before treating it as your only protection.

If you are paying a PCI vendor for data security and PCI compliance services and they don’t have a guarantee … do you really trust their products to keep you safe from data breach? Are they really looking out for your best interests?

What can you spend service guarantee finances on?

Most companies offering this protection won’t limit what you can be reimbursed for, as long as it pertains to your breach. Here’s an example list:

  • Forensic investigations
  • Payment Card Industry Data Security Standard (PCI DSS) non-compliance fines (levied by your acquiring bank, not by the PCI Security Standards Council itself)
  • Payment card brand fines
  • Health Insurance Portability and Accountability Act (HIPAA) fines
  • Customer payment card replacement fees
  • Customer notification costs
  • Regulatory fines/penalties
  • Upgraded devices for future security
  • Gramm-Leach-Bliley Act (GLBA) fines
  • Post-event consultation

Which is better? Cyber insurance or breach protection?

For very large organizations handling large quantities of sensitive data, it makes sense to pay the premium for cyber insurance. But remember, you might already be protected. For small, medium, and large businesses already meeting their PCI DSS requirements, it makes financial sense to confirm that your vendor offers a PCI service guarantee, and to compare its cap with the cost estimates above before deciding whether a separate policy is still needed.

Brand Barney (CISSP, HCISPP, QSA) is a Security Analyst at SecurityMetrics, has over 10 years of data security experience, and will totally geek out if you mention Doctor Who. Brand loves to play jazz piano and daydreams about being as great as Dave Brubeck or Thelonious Monk. 
