Cyber Liability Insurance Limits: How Much Coverage Do You Need?

Cyber losses continue to rise, even as cyber liability insurance premiums begin to stabilize. This creates a critical opportunity for businesses to reassess whether their current cyber liability insurance limits are sufficient.

As ransomware, data breaches, and system disruptions increase in severity, inadequate limits can leave businesses exposed to significant financial loss and liability.

Key Takeaways

• Cyber losses are increasing, even as insurance premiums stabilize
• Ransomware and data breaches can quickly exceed standard policy limits
• Business interruption is a major driver of total cyber loss
• Insufficient limits can lead to significant out-of-pocket costs
• Reviewing coverage limits helps align insurance with actual risk exposure

Cyberattacks and Loss Severity Are Increasing

The International Monetary Fund says cyberattacks have more than doubled since the COVID-19 pandemic. Phishing attacks – a common entry point for many cyberattacks – are also on the rise. According to a 2024 report from SlashNext, email-based phishing attacks increased by 202%, while credential theft attacks using sophisticated phishing kits surged by 703%. From an insurance perspective, these attacks frequently trigger both first-party losses and third-party liability claims.

The increase in cyberattacks is attributable to many factors – from economic and political instability to the rise of smart devices that gives hackers new ways to access computer systems. AI tools are also making cyberattacks easier to launch. Cybercriminals can leverage AI in a number of ways, such as automating attacks, identifying targets, and writing phishing emails. TechTarget warns that cybercriminals are using AI-powered chatbots (like ChatGPT) to carry out sophisticated phishing and business email compromise attacks.

A Single Incident May Wreak Financial Havoc

Some cyberattacks are worse than others, but they all have the potential to devastate a company. Combined impacts often result in complex insurance claims involving multiple coverage components. Businesses that fall victim to cyberattacks may experience a wide range of direct and indirect losses, including:

• Many businesses feel pressured to give into ransomware demands, either because they need their files or because the criminals are threatening to expose the stolen data to the public if they don’t pay.
• Lost and damaged files and systems. An attack may permanently damage computer files and systems, leading to significant financial loss.
• Business interruption. While a cyberattack is in progress – and before the company is able to restore its systems – it may be impossible to conduct business as normal. In addition to losing access to essential files, businesses may be unable to use cash registers, scheduling apps, and other computer-connected programs.
• Forensic investigations. After detecting suspicious activity, businesses may need to carry out an investigation to determine the extent of the damage and ensure no more damage occurs, which may cost additional money.
• Regulatory costs and penalties. The National Conference of State Legislatures says all 50 states have enacted security breach laws that require notification when there is a breach of personal information. Businesses may face significant expenses when complying with these requirements in addition to other regulatory costs.
• After a data breach, businesses may be sued over allegations that their negligence allowed the breach to happen.
• Reputational damage. If people don’t trust a company to keep their information safe or they are inconvenienced by cyber-related business disruptions, they may decide to take their business elsewhere.

Together, these exposures can quickly exceed standard cyber liability insurance limits if coverage is not properly structured.

IBM puts the global average cost of a data breach at $4.88 million in 2025 (a 10% increase from 2023), and Comparitech says the average ransomware demand was $5.2 million across all industries.

While small businesses may experience smaller losses, the proportional impact may be worse because many small businesses lack the resources they need to recover from an attack. And hackers will target small businesses. Although the payoffs may be more modest, hackers often see small businesses as easy targets due to the lack of sophisticated cybersecurity systems. In a survey commissioned by Nationwide, 50% of business owners said they had experienced at least one type of harmful cyber activity.

Cyber Insurance Market Trends and Pricing

With the threat of a cyberattack rising, businesses are encouraged to implement cybersecurity best practices, both through secure computer systems and employee education. However, in the face of constantly evolving threats, this may not be enough. Even when you do everything right, you can still be hacked, which is why cyber liability insurance is increasingly essential. Cyber liability insurance plays a critical role in transferring residual risk that cannot be fully mitigated through security controls alone.

According to Swiss Re, the cyber insurance market grew at a rate of 32% annually between 2017 and 2022. At the same time, premiums surged to account for rising losses. According to the Council of Insurance Agents & Brokers, cyber premium increases peaked in the fourth quarter of 2021, rising 34.3%. However, rates have been declining recently, thanks to an increase in capacity and competition among carriers. In the fourth quarter of 2024, rates were down by 1.8%.

This has created a unique market condition: risks are rising, but insurance rates are stabilizing or declining. Businesses should take advantage of the opportunity to determine whether their current limits are sufficient and consider purchasing more coverage.

How Much Cyber Liability Insurance Coverage Do Businesses Need?

Determining the appropriate cyber liability insurance limit depends on several factors, including the volume of sensitive data, reliance on technology systems, and potential business interruption exposure.

Organizations should evaluate worst-case scenarios, including ransomware demands, extended downtime, and regulatory costs, to ensure limits are sufficient. Without this analysis, businesses risk carrying coverage that does not reflect their true exposure.

Strengthen Your Cyber Liability Insurance Strategy

Rising cyber losses and evolving threats make it critical for businesses to align insurance limits with real-world exposure. Without adequate coverage, a single cyber incident can result in significant financial loss and long-term operational disruption.

Tangram Insurance Services helps organizations evaluate cyber risk and structure cyber liability insurance programs that address ransomware, data breach, and business interruption exposures.

Explore our Cyber Insurance Program to learn how we can help you optimize coverage and control cyber risk.