do you need cyber insurance?

gary newton, LUTZ TECH shareholder


Ransomware attacks have crippled everything from major cities to school districts. Federal officials are even concerned they could be used to disrupt the current presidential election. Last week, a major supplier of software services to state, county and local governments, Tyler Technologies, was hit.

In the U.S. alone, 764 healthcare providers were victimized last year by ransomware, according to data compiled by the cybersecurity firm Emsisoft. It estimates the overall cost of ransomware attacks in the U.S. to $9 billion a year in terms of recovery and lost productivity.

While data breaches occurring in big corporations are often what we hear about, small businesses are equally vulnerable to attack. According to Purplesec, a business, on estimate, falls victim to a ransomware attack every 14 seconds. One way to protect against this risk is to invest in cyber-insurance. Cyber-insurance is gaining popularity now, with about 80% of companies looking to transfer their risk to a third-party company. 


What is Cyber-Insurance?

Cyber-liability insurance, as the name suggests, is an insurance policy designed to help businesses or individuals recover from data breaches, malicious attacks, or other cyber-security threats. It helps you address any expense that might occur as a result of an attack, including forensic investigations, business losses, extortion attempts due to the breach, and legal claims resulting from it. The idea here is to shift some of your cyber-risk to a third party, i.e., the insurance company. 

While most cyber-insurance policies are designed to protect only businesses, as that is the primary goal of coverage, some policies can also extend to clients who interact with your business. 


The Risks of Not Having Cyber-Insurance

No matter how much you secure your data, the risk of cyber-attacks can never be completely eliminated, especially if your business is a small one. With incidences of cyber-attacks increasing every year, businesses are now at a higher risk than ever of their data being stolen or held hostage.

If your security systems fail to prevent a cyber-attack, the consequences could prove fatal to your business. In fact, according to the National Cyber Security Alliance, 60% of small and mid-sized companies go out of business within six months of a cyber-attack. 


What is Not Covered by Cyber-Insurance?

Every cyber-insurance policy is unique, so it’s always best to review the coverage a particular policy provides before signing up for it. Some losses that these policies typically don’t cover include:

  • Property loss, such as a computer stolen during a cyber-attack
  • Expenses that exceed coverage limits on the policy
  • Robbery, theft, property damage, bodily injury, and other criminal activity unrelated to cyber-crime
  • Losses due to prior breaches or cyber-attacks that happened before the policy was purchased
  • Cyber-attacks caused or initiated by employees
  • Failure to correct a known vulnerability in your cyber-security system
  • Expenses involved in upgrading or improving security systems 
  • Preventable security issues caused by humans, such as careless mishandling of digital assets

Some policies do cover attacks initiated due to social engineering, i.e., when an employee is tricked into revealing information that might result in a breach. However, this coverage is not included in all policies, although it may be available as an add-on to a policy. 


Should You Get Cyber-Insurance?

For most businesses, the answer is yes. You do need cyber-insurance because the costs of not having it can be quite high. If your business involves the storage of sensitive data online, you need an insurance policy to help mitigate your risks, especially if you are a small or mid-sized business. A cyber-insurance policy will help you respond quickly and effectively to a data breach, cover your costs, mitigate your risks, and move on from the attack.  

However, it is important to remember that cyber-insurance can’t be your only protection against losses due to cyber-attacks. You need to take proactive measures to ensure that your data is secure, and your systems are up-to-date. In the event of a cyber-attack, you need to prove to your insurance provider that your company did everything it could to prevent the attack. In fact, insurance providers have been known to reject claims if they find that the company failed to properly secure their systems.

For more information about how to ensure that you have done everything possible to safeguard yourself from cyber-threats, check out these cybersecurity tips and this handy guide to the best practices that you can follow. If you have any questions or need help with your cyber-security, Lutz Tech can provide you with expert guidance! If you have any questions, feel free to contact us.




Gary Newton is a Lutz Tech Shareholder with over 30 years of experience. He focuses on providing outsourced technology services by managing and designing network solutions for new and existing clients.

  • Outsourced IT Services
  • Small to Medium Business Technology
  • Virtualization Design (Vmware & Hyper-V)
  • Disaster Recovery
  • Business Continuity Planning
  • Multi-Site Connectivity (Cisco, HP, MPLS)
  • Thin Client Technology (Terminal Services, Citrix)
  • Hosted and Published Application Design
  • Technology Consulting
  • Planning / Licensing Compliance
  • Certified Virtualization Expert v5.0
  • Vmware VSP 6.0 Certified
  • Veeam VMSP Certified
  • Microsoft Licensing Education
  • Microsoft Sales and Marketing Education
  • BS in Electronics Engineering Technology, University of Nebraska, Omaha, NE
  • Local Youth Select Baseball Team, Coach and Instructor for 10+ years
  • ITT Advisory Board, Past Member


We tap into the vast knowledge and experience within our organization to provide you with monthly content on topics and ideas that drive and challenge your company every day.

About UsOur Team | Events | Careers | Locations

Toll-Free: 866.577.0780Privacy Policy | All Content © Lutz & Company, PC 2021