Are Your Cyber Liability Limits High Enough?

Cyber losses are rising, but cyber liability insurance premiums are actually decreasing. Now is a good time to check whether your cyber liability limits are high enough.

Cyberattacks and Losses Are Surging

The International Monetary Fund says cyberattacks have more than doubled since the COVID-19 pandemic. Phishing attacks – a common entry point for many cyberattacks – are also on the rise. According to a 2024 report from SlashNext, email-based phishing attacks increased by 202%, while credential theft attacks using sophisticated phishing kits surged by 703%.

The increase in cyberattacks is attributable to many factors – from economic and political instability to the rise of smart devices that gives hackers new ways to access computer systems. AI tools are also making cyberattacks easier to launch. Cybercriminals can leverage AI in a number of ways, such as automating attacks, identifying targets, and writing phishing emails. TechTarget warns that cybercriminals are using AI-powered chatbots (like ChatGPT) to carry out sophisticated phishing and business email compromise attacks.

A Single Incident May Wreak Financial Havoc

Some cyberattacks are worse than others, but they all have the potential to devastate a company. Businesses that fall victim to cyberattacks may experience a wide range of direct and indirect losses, including:

• Many businesses feel pressured to give into ransomware demands, either because they need their files or because the criminals are threatening to expose the stolen data to the public if they don’t pay.
• Lost and damaged files and systems. An attack may permanently damage computer files and systems, leading to significant financial loss.
• Business interruption. While a cyberattack is in progress – and before the company is able to restore its systems – it may be impossible to conduct business as normal. In addition to losing access to essential files, businesses may be unable to use cash registers, scheduling apps, and other computer-connected programs.
• Forensic investigations. After detecting suspicious activity, businesses may need to carry out an investigation to determine the extent of the damage and ensure no more damage occurs, which may cost additional money.
• Regulatory costs and penalties. The National Conference of State Legislatures says all 50 states have enacted security breach laws that require notification when there is a breach of personal information. Businesses may face significant expenses when complying with these requirements in addition to other regulatory costs.
• After a data breach, businesses may be sued over allegations that their negligence allowed the breach to happen.
• Reputational damage. If people don’t trust a company to keep their information safe or they are inconvenienced by cyber-related business disruptions, they may decide to take their business elsewhere.

IBM puts the global average cost of a data breach at $4.88 million in 2025 (a 10% increase from 2023), and Comparitech says the average ransomware demand was $5.2 million across all industries.

While small businesses may experience smaller losses, the proportional impact may be worse because many small businesses lack the resources they need to recover from an attack. And hackers will target small businesses. Although the payoffs may be more modest, hackers often see small businesses as easy targets due to the lack of sophisticated cybersecurity systems. In a survey commissioned by Nationwide, 50% of business owners said they had experienced at least one type of harmful cyber activity.

The Current State of the Cyber Insurance Market

With the threat of a cyberattack rising, businesses are encouraged to implement cybersecurity best practices, both through secure computer systems and employee education. However, in the face of constantly evolving threats, this may not be enough. Even when you do everything right, you can still be hacked, which is why cyber liability insurance is increasingly essential.

According to Swiss Re, the cyber insurance market grew at a rate of 32% annually between 2017 and 2022. At the same time, premiums surged to account for rising losses. According to the Council of Insurance Agents & Brokers, cyber premium increases peaked in the fourth quarter of 2021, rising 34.3%. However, rates have been declining recently, thanks to an increase in capacity and competition among carriers. In the fourth quarter of 2024, rates were down by 1.8%.

This has resulted in an interesting situation: risks are rising, but rates are falling. Businesses should take advantage of the opportunity to determine whether their current limits are sufficient and consider purchasing more coverage.

Tangram offers cyber liability insurance that includes computer system extortion, business interruption, and data recovery expense coverage. Base limits of $500,000, $1 million, $2 million, and $3 million are available for most classes, but you can request higher limits of up to $5 million. Learn more.