Cyber
Cyber: the risk that keeps rising.
≈ 3 MIN READ
There's a persistent myth that cyber attacks happen to big companies with big data. The reality is closer to the opposite: smaller businesses are attractive targets precisely because they have money, move it by email, and tend to have lighter defenses. You don't need to hold credit cards or medical records to have cyber exposure — you need a bank account and an inbox.
What actually happens
The headline scenarios in claims are unglamorous and repetitive: an employee's email is compromised and a fraudster quietly redirects a payment to a new "updated" bank account. Ransomware locks the systems that run scheduling, invoicing, and payroll until something is paid or rebuilt. A vendor gets breached and your data walks out their door. None of these require a sophisticated victim — just an ordinary business on an ordinary day.
What the coverage does
Cyber policies generally split into two halves:
- First-party coverage — your own costs: breach response and forensics, data restoration, business interruption while systems are down, cyber extortion, and funds-transfer fraud (subject to the policy's specific terms).
- Third-party coverage — your liability to others: claims from customers or partners whose data or operations were harmed, and regulatory proceedings where applicable.
Just as valuable as the money: most carriers provide an incident response team. At 2 a.m. on the worst night of your business's life, having a breach coach, forensics firm, and legal counsel one phone call away is a real part of the product.
The application is half the coverage
Cyber underwriting now revolves around your controls. Multi-factor authentication, tested backups, endpoint protection, and how you verify payment-change requests aren't just security hygiene — they determine whether you're insurable, at what price, and whether a claim gets paid. Answer the application accurately: a control you claimed but didn't have is exactly the kind of thing that surfaces during a claim investigation. If you're missing a control, tell us — closing that gap is usually cheaper than carrying it.
And increasingly, it's required
Cyber requirements are showing up in commercial contracts the way GL requirements always have. Clients, lenders, and partners want to know a breach on your side won't become a loss on theirs. Even if you never have an incident, the coverage is becoming part of being easy to do business with.
This article is general information, not advice about your specific situation, and not a quote, binder, or contract of insurance. Cyber forms vary significantly between carriers.