Common Misconceptions about Cyber Insurance

In this series of 7 blog posts, we provide a general overview of cyber insurance and its value for SMBs, as well as cover specific topics within cybersecurity that are relevant to getting a good deal on a cyber policy for your organization. This “Super Simple Guide” breaks down technical topics in plain English so that you, the SMB owner, can approach the task of protecting your business with confidence and knowledge.

You’ve heard about cyber insurance, also referred to as “cyber risk insurance” or “cyber liability insurance,” but you’re not sure if it’s something your organization needs.

You know cybercrime is on the rise — and if you don’t, you will by the time you’re done reading this — but cyber insurance is confusing, and more importantly, it costs money. Maybe you can get away with not having a cyber insurance policy.

Then again, maybe not. There’s taking risks and then there’s being reckless. If only there were some kind of no-nonsense, common-sense guide to cyber insurance … Something written for small and medium-sized business (SMB) owners who are looking for information and a bit of perspective, not a bunch of jargon and a sales pitch —

Say no more! We’re pleased to introduce The SMB Owner’s Super Simple Guide to Cyber Insurance, where we break down the topic of cyber insurance in plain English. The guide consists of 7 parts.

In this first part, we introduce SMB owners to the topic of cyber insurance by way of clearing up 4 Common Misconceptions they might have about it.

The next 6 articles cover the following topics, all of which relate to cyber insurance in important ways:

  1. Compliance
  2. Encryption
  3. Scope of Data
  4. Multi-Factor Authentication
  5. Security
  6. Data Backup

Important: This guide isn’t legal advice. It’s also not a substitute for working closely with a team of trusted IT experts to protect your business. The purpose of The SMB Owner’s Super Simple Guide to Cyber Insurance is to give you the lay of the land. We want to help you understand what cyber insurance is, why it’s important, and what sorts of things your business can do to control the costs of coverage and reduce the chances of claim denials.

Cyber Insurance Misconception #1: “Cybercrime Is Rare”

Business owners — along with the general public — drastically underestimate how serious a problem cybercrime has become in recent years. But the numbers don’t lie:

  • 86% of organizations were victims of a successful cyberattack in 2020 (CyberEdge)
  • The FBI received 791,790 cybercrime complaints in 2020, a 69% increase from 2019 (IC3)
  • More than 465,000 cybercrimes occurred in 2020, around one every 1.12 seconds (IC3)

These statistics point to a very uncomfortable truth about cybercrime, one that Eric Cole isn’t afraid to state frankly in his book, Cyber Crisis: “It’s going to happen to you, if it hasn’t already.”

Bottom line: Cybercrime is far more common than most people realize. By purchasing cyber insurance for your business, you’re not preparing for the possible; you’re bracing for the inevitable.

Cyber Insurance Misconception #2: “Cybercrime Only Affects Big Companies”

Repeat the following until it’s seared into your brain:

No business is ‘too small’ to be the target of cybercriminals.

Threat actors are picking on SMBs more and more often because they know these smaller organizations tend to have weaker cybersecurity, making them ‘easy prey.’ Again, the numbers speak for themselves:

Bottom line: If you think you don’t need cyber insurance because you believe cybercrime only affects large companies, think again.

Cyber Insurance Misconception #3: “My Business Doesn’t Need Cyber Insurance Because We’re Careful”

Cybercrime is a rapidly growing problem, and organizations of all sizes are targets. But you and your employees are careful. In fact, you’re all about cybersecurity. You might not be a big business, but you’re not easy prey.

If that’s the case, great! But robust cybersecurity practices aren’t always enough to protect your business. An unfortunate truth is still a truth — you can do everything perfectly, and still get breached.

Bottom line: Being ‘careful’ might lessen your need for cyber insurance, but it doesn’t remove that need altogether, especially if your business is in an industry that handles sensitive data and is therefore vulnerable to cyberattacks (e.g., healthcare or finance).

Cyber Insurance Misconception #4: “My Business Doesn’t Need Cyber Insurance Because We Have Business Liability Insurance”

Don’t assume that your business’s general liability insurance will cover the costs associated with a cyber incident, because, generally speaking, it won’t.

In fact, a lot of carriers are now making sure to exclude cyber liability. These companies know how common cyberattacks have become, and simply don’t want to take on all that risk.

Bottom line: If your reason for not getting cyber insurance is that you already have business insurance, find another reason!

Summing Up

Cybercrime is real, and it’s here to stay. It happens much more than people realize, and the effects can be devastating. Moreover, businesses of ALL SIZES are targets, and robust cybersecurity practices aren’t always enough to keep your business safe.

Cyber insurance can provide an added layer of protection, as it can cover many of the costs associated with a cyber incident, including:

  • Notifying customers and other affected parties
  • Credit monitoring for affected parties
  • Investigating the cause of the breach
  • Minimizing reputational damage
  • Legal expenses (including compensation for affected parties who choose to sue your organization)
  • Regulatory penalties

The costs of a cyberattack are numerous and severe, so it’s no surprise that the majority of SMBs have to close up shop after getting breached. As with any kind of insurance, you won’t need your cyber insurance until you do. But then, you’ll really need it.