Top 10 Leading cyber insurance providers in the US in 2022
Updated: Sep 25, 2022
What does cybersecurity insurance cover?
Cyber insurance is basically designed to protect businesses against financial losses resulting from cyber attack incidents. Policies mainly provide two types of protection, namely first-party and liability coverage. Here’s what these different types of coverages pay out for.
First-party coverage
This type of coverage pays the financial losses due to cyber incidents it's including the cost of responding to a data breach, damaged data lost income resulting from business obstruction restoring and recovering losses, ransomware attack payments, and risk assessment of future cyber attacks. Also, most of the policies also cover the cost of informing customers about the incident and providing clients with anti-fraud services.
Liability coverage
Policies mainly cover court and settlement fees, and regulatory fines. Also referred to as third-party liability coverage, this provides financial protection against lawsuits filed by third parties, including customers, employees, and vendors, for damages caused by a cyberattack on the business
1. Hiscox
Rating: 4.9
Policy name: Cyber Security Insurance
Privacy, data, and network exposures
Costs to respond to a breach, including access to pre-and post-breach response services
Employee cyber training program includes certificates of completion
Costs of defending and resolving claims for statutory violations, negligence, regulatory investigations, and breach of contract
Optional coverage for cybercrime, cyber deception, social engineering, and business interruption
Worldwide coverage
2. Chubb
Rating: 4.8
Policy name: Cyber Enterprise Risk Management (Cyber ERM)
Coverage designed to address evolving regulatory, legal, and cybersecurity standards
Easy-to-read form
Clearly labeled exclusions with competitive carve-backs
Payment card loss coverage built into the base form
Discovery-based coverage at a control group level
Enhanced business interruption and extra expense language coverage
Broadened definition of protected information includes biometrics, internet browsing history, and personally identifiable photos and videos
Extortion expenses explicitly include Bitcoin and other cryptocurrencies
Coverage territory is applicable anywhere in the world
3.AIG
Rating: 4.7
Policy name: CyberEdge
Third-party claims arising from failure of the insured’s network security or a failure to protect confidential information
Investigation and defense of regulatory actions arising from failure of the insured’s network security or a failure to protect confidential information
Payment Card Industry Data Security Standard (PCI-DSS) assessments
Costs of notifications, public relations, and other services to assist in managing and mitigating a cyber incident
Legal consulting and identity monitoring costs for victims of a breach
Forensic investigation costs
Costs to restore electronic data
Business interruption and certain expenses due to a covered cyber event
Reimbursement of ransom payments
3= The Hartford
Rating:4.7
Policy name: CyberChoice
Data privacy and network security liability coverage
Coverage for privacy regulatory matters
Media liability coverage
Incidence response coverage
Cyber extortion coverage
Network asset restoration expenses
Business interruption costs
Dependent business interruption costs
Pre-claim assistance
Post-incident remediation expenses
5 CNA
Rating: 4.6
Policy name: Cyber Insurance
Network failure costs
Dependent business income
Wrongful collection coverage
Broad media coverage
E-theft and social engineering coverage
Reputational harm
Voluntary shutdown
Payment Card Industry (PCI) coverage
6= Arch Insurance
Rating: 4.5
Policy name: Arch Netsafe 2.0
System failure coverage
Dependent business interruption coverage
PCI-DSS assessments and regulatory fines and penalties
First-party data incident response expense
“Bring Your Own Device” included within computer system definition
Carve-back for cyberterrorism
Carve-back to the contract exclusion for PCI
Data security and non-disclosure agreements
Media liability coverage
Coverage available for business interruption and cyber extortion
6= Hanover
Rating: 4.5
Policy name: Cyber Advantage
Privacy and security liability
Breach event expense
Breach reward expense
Cyber business interruption and extra expense
Cyber extortion response costs
Cyber theft
Breach at a third-party
Cyber media liability
Fines and penalties
8. Intact
Rating: 4.4
Policy name: Privacy Breach Coverage
Remediation expense coverage
Business interruption coverage
Legal expense coverage
Worldwide coverage for up to 60 days
Cyber extortion
Smart phone coverage
9= Axis
Rating: 4.3
Policy name:: Axis Cyber Insurance (ACI)
Business interruption:
Includes voluntary shutdown of the business’ network
Generous period of restoration up to 180 days
Reputational harm coverage for 12 months
Forensic accounting costs to prepare proof of loss documentation
Interim payments to increase the speed with which claims are covered
Other first-party coverage considerations:
Coverage for undiscovered cyber events
Most cover is on a “Pay” rather than “Reimburse” basis to help manage cash flow following a cyber incident
Data recovery includes upgrades
Funds to replace electronic devices and equipment
Cybercrime cover for social engineering, business email compromise, cryptojacking, and theft of telecommunications services
General coverage considerations:
Privacy regulatory cover includes GDPR and CCPA and other consumer privacy protection laws
Cover for private actions under BIPA and other law regulating collection and use of biometric information available by endorsement
Privacy incident includes all activities regulated under a privacy regulation
PCI-DSS covers card re-issuance costs, fraud, and administrative reimbursement assessments, forensic investigation costs, fines, and penalties
Cyber terrorism
9= Beazley
Rating: 4.3
Policy name: Beazley Breach Response (BBR)
Up to $5 million coverage for data breach notification and credit/identity monitoring
Privacy breach response services include:
Legal and computer forensic services
Discretionary notice to individuals potentially affected by the breach
Resolution and mitigation services,
Identity theft-related fraud resolution services
12 free months of identity monitoring
Theft, loss, or unauthorized disclosure of information held by business associates for organizations required to comply with the Health Insurance Portability and Accountability Act (HIPAA)
Third-party coverage includes:
Third-party information security and privacy coverage with up to $15 million in limits in addition to the breach response coverage
Regulatory defense and penalties
Website and offline media liability
PCI fines, penalties, and assessments
Cyber extortion
First-party business interruption and data protection with limits up to $15 million.