Cyber Liability Insurance cost guide
How much does Cyber Liability Insurance cost for small businesses in 2026? Benchmarks, factors, carrier pricing, and how to save.
Looking for editorial recommendations on which cyber liability insurance carrier to choose? See our cyber liability insurance best-of ranking with per-carrier rationale and explicit disclosure of which carriers we excluded.
Coverage overview
Cyber policies are typically split into first-party and third-party coverages. First-party coverage pays the insured's own costs after a breach: forensic investigation, legal counsel to determine notification obligations, notification to affected individuals, credit monitoring and identity-theft services, public relations and crisis management, business interruption losses, data restoration, cyber extortion and ransomware payments (where legally permissible), and funds transfer fraud/social engineering (often a sublimit). Third-party coverage pays claims brought by customers, business partners, or regulators, including privacy liability for breach of personally identifiable information, network security liability for transmitting malware, media liability for online content, and regulatory defense and fines (where insurable). Standard exclusions include bodily injury and physical property damage (covered under GL/property), intentional acts by insiders, acts of war and some state-sponsored attacks, prior known incidents before the retroactive date, failure to maintain minimum security practices (for some carriers), and replacement of bricked hardware beyond restoration cost.
Any business that stores customer payment card data, personally identifiable information (PII), protected health information (PHI), or proprietary digital assets — effectively every modern business — is exposed. Healthcare providers, financial services, retailers, law firms, and technology companies are most frequently targeted, but small businesses are increasingly hit because they have weaker defenses. State breach-notification laws in all 50 states create legal obligations (and costs) after a breach regardless of size.
Average cost
The median small business pays $145/month for cyber liability insurance at standard $1M per claim / $1M aggregate (smaller businesses); $5M+ for higher-revenue or regulated-data accounts limits. Most quotes fall between $33 and $666 per month. The spread reflects the seven factors below, with industry classification and revenue typically driving the largest swings.
Benchmark from Insureon Cyber Liability cost benchmark. Quoted figures reflect bound small-business policies, not survey self-reports.
What affects your cyber liability insurance cost
Carriers don't price cyber liability insurance from a single number. These are the seven inputs they actually weigh, in roughly the order they move premium most.
Annual revenue
Cyber premium scales heavily with revenue because revenue is the proxy for both data volume and potential loss size. Doubling revenue typically increases cyber premium 50–80%.
Industry / data sensitivity
Healthcare, finance, legal, and businesses handling card data face materially higher cyber rates than retail, restaurants, or manufacturing. A $1M cyber for a 50-person SaaS company runs 3–5x what the same limit costs a 50-person landscaping business.
Records held
The number of personally identifiable records you store directly drives cyber pricing. Carriers ask for total customer/employee record counts; brackets typically jump at 1K, 10K, 100K, and 1M records.
Security posture
MFA on email, EDR on endpoints, regular backups (tested), and an incident-response plan unlock 10–30% credits with cyber-specialty carriers like [Coalition](/carriers/coalition). Carriers without active security underwriting either decline submissions without these controls or surcharge them.
Coverage limits and sub-limits
Total policy limit is the headline number, but sub-limits matter more in practice. Ransomware sub-limits, business interruption waiting periods (typically 8–24 hours), and per-incident vs. per-policy aggregates vary materially across carriers and drive the real claims experience.
Claims history
A prior cyber claim in the past 3 years typically adds 30–60% to renewal or pushes the account to a non-admitted/surplus-lines carrier. Cyber claims also leave forensic findings the next carrier can underwrite against. A clean post-claim hardening report cuts the renewal surcharge.
Retention / deductible
Cyber retentions range $1,000 to $50,000 for small business. Moving from $1K to $5K typically saves 10–20% on premium; $25K retentions cut premium 30–40% but require comfortable cash reserves to absorb the deductible during an actual incident.
Stop guessing. Get an actual cyber liability insurance price.
Tell us your industry, state, and size. We'll match you to the carriers most likely to quote cyber liability insurance for your profile, with starting prices side-by-side.
Cyber Liability Insurance cost by industry
Industry classification is the single biggest premium driver. Same coverage, same limits, but a different class code can mean a 4×–10× difference in what carriers charge.
| Industry | Range visualization | Annual range |
|---|---|---|
| Accountants / Bookkeepers | $600–$2,500 | |
| Real Estate Agents / Brokers | $1,000–$3,000 | |
| Fitness / Gym Centers | $1,500–$4,500 | |
| E-commerce / Online Retail | $1,500–$5,000 | |
| IT Consultants | $1,500–$5,000 | |
| Marketing / Advertising Agencies | $1,500–$5,000 | |
| Retail stores | $1,500–$5,000 | |
| SaaS / Tech Companies | $2,000–$7,000 | |
| Lawyers / Law Firms | $2,500–$8,000 | |
| Restaurants | $3,500–$9,000 | |
| Physicians | $8,000–$30,000 |
Showing 11 of 17 industries with carrier-validated cyber liability insurance cost data. View all industries →
How to lower your cyber liability insurance cost
- Quote 3+ carriers at renewal. Premium spreads of 30–50% on the same coverage are routine. The cheapest carrier rotates yearly as each one's loss ratio shifts.
- Bundle into a BOP if you qualify. A business owner's policy combines GL + commercial property at typically 10–25% less than the same coverages bought separately.
- Check your industry classification code. Misclassification (usually a holdover from when the business looked different) is the single most common avoidable cost. A 10-minute conversation with the underwriter can be worth thousands.
- Set a reasonable deductible. Where it's offered, a $500–$2,500 deductible cuts premium 5–15% with negligible exposure for most small businesses.
- Pay annually, not monthly. Most carriers charge a 5–10% installment fee on monthly billing. If cash flow allows, annual saves the spread.
Top cyber liability insurance carriers by pricing transparency
Carriers ranked against our 6-dimension methodology, filtered to those we cover that write cyber liability insurance.
Sub-threshold = fewer than 20 NAIC complaints in 3 years (data is too sparse to score reliably). N/A (broker) = not a carrier. See full methodology →
| Carrier | Our score | Positioning | Starting price | Coverage | Claims | AM Best | NAIC index | States | Quote channel |
|---|---|---|---|---|---|---|---|---|---|
 | 8.1 | Broker comparing 8+ carriers | GL $21/mo | 8.5/10 | 7.5/10 | — | N/A (broker) | 50 states | Broker portal |
 | 8.1 | Broad-ladder primary carrier | GL $42/mo | 9.0/10 | 8.0/10 | A++ | Sub-threshold | 50 states | Direct online |
 | 7.9 | Single-carrier program for SMBs | GL $68/mo | 9.0/10 | 8.0/10 | A+ | Sub-threshold | 50 states | Direct online |
 | 7.8 | Digital-native micro-business | Cyber $4/mo | 7.0/10 | 7.5/10 | A+ | Sub-threshold | 50 states | Direct online |
 | 7.7 | Tech & data-handling specialist | Cyber $83/mo | 8.5/10 | 8.0/10 | A | Sub-threshold | 50 states | Direct online |
 | 7.4 | Gig and event-based | GL $17/mo | 6.5/10 | 7.0/10 | A+ | Sub-threshold | 50 states | Direct online |
About complaint index data: Values are 3-year averages from NAIC Consumer Information Source for commercial liability. Carriers with fewer than 20 complaints in the 3-year window are labeled "sub-threshold". A reliability call about data volume, not a finding about the carrier. Brokers (Category D) are structurally N/A. See our complete methodology.
- 8.1
- Positioning
- Broker comparing 8+ carriers
- Starting price
- GL $21/mo
- Coverage
- 8.5/10
- Claims
- 7.5/10
- AM Best
- —
- NAIC index
- N/A (broker)
- States
- 50 states
- Quote channel
- Broker portal
- 8.1
- Positioning
- Broad-ladder primary carrier
- Starting price
- GL $42/mo
- Coverage
- 9.0/10
- Claims
- 8.0/10
- AM Best
- A++
- NAIC index
- Sub-threshold
- States
- 50 states
- Quote channel
- Direct online
- 7.9
- Positioning
- Single-carrier program for SMBs
- Starting price
- GL $68/mo
- Coverage
- 9.0/10
- Claims
- 8.0/10
- AM Best
- A+
- NAIC index
- Sub-threshold
- States
- 50 states
- Quote channel
- Direct online
- 7.8
- Positioning
- Digital-native micro-business
- Starting price
- Cyber $4/mo
- Coverage
- 7.0/10
- Claims
- 7.5/10
- AM Best
- A+
- NAIC index
- Sub-threshold
- States
- 50 states
- Quote channel
- Direct online
- 7.7
- Positioning
- Tech & data-handling specialist
- Starting price
- Cyber $83/mo
- Coverage
- 8.5/10
- Claims
- 8.0/10
- AM Best
- A
- NAIC index
- Sub-threshold
- States
- 50 states
- Quote channel
- Direct online
- 7.4
- Positioning
- Gig and event-based
- Starting price
- GL $17/mo
- Coverage
- 6.5/10
- Claims
- 7.0/10
- AM Best
- A+
- NAIC index
- Sub-threshold
- States
- 50 states
- Quote channel
- Direct online
Cyber Liability Insurance cost FAQs
How much does cyber liability insurance cost?
Most small businesses pay between $33 and $666/month for $1M cyber liability coverage, with a median near $145/month per Insureon. Sub-$1M-revenue service businesses pay at the low end; healthcare, finance, and SaaS at the high end. Premium scales steeply with the number of personal records held and revenue.Do I need cyber insurance if I don't handle credit cards?
Yes, if you store any customer or employee personal data. Names, emails, dates of birth, SSNs, health information, financial accounts. Most cyber claims are not card breaches; they are ransomware, business email compromise, and incidental PII loss. Any business with a customer list and an email server has the underlying exposure.What does cyber insurance actually cover?
Standard cyber policies cover: forensic investigation, breach notification costs, credit monitoring, regulatory fines (where insurable), business interruption from cyber incidents, ransom payments (where legal), data restoration, and third-party liability claims. Each carrier's policy form differs. Read the sub-limits, not just the headline limit.Does general liability cover data breaches?
No. Standard GL policies explicitly exclude data, electronic records, and "personal and advertising injury arising from electronic publications." A cyber incident requires a standalone cyber policy or a cyber endorsement on a BOP. See our GL cost guide.Are ransomware payments insurable?
Yes. Most cyber policies cover ransom payments, subject to sub-limits (typically $250K–$1M) and the legal status of the recipient. OFAC sanctions create an underlying restriction: payments to sanctioned entities are illegal regardless of insurance. Cyber-specialty carriers like Coalition handle the legal/forensic process; broader carriers may decline complex cases.Is cyber insurance tax-deductible?
Yes. Cyber premiums are deductible as ordinary and necessary business expenses per IRS Publication 535. Same treatment as GL, PL, and other business policies.Do I need cyber insurance if I use AWS / Google Cloud / Azure?
Yes. Cloud providers are responsible for security OF the cloud (their infrastructure); customers are responsible for security IN the cloud (their accounts, configurations, and data). The shared-responsibility model means cyber liability sits with the customer regardless of cloud provider. And most cyber claims involve customer-side misconfigurations, compromised credentials, or third-party SaaS, not cloud-provider failures.How is cyber insurance different from tech E&O?
Methodology & sources
Median monthly figures and typical-range bounds come from Insureon's published carrier-quote benchmarks. These are real bound-policy quotes, not survey self-reports. It's the most representative public dataset of small-business premium ranges.
Per-policy starting-price floors are sourced from the carriers we cover (10+ small-business insurers) at their published advertised rates. We don't average competitive intel; we report what each carrier publishes.
Industry-wide context (NAIC complaint indices, III definitions, SBA guidance, IRS Publication 535 deductibility) sources every claim that isn't a price benchmark. State-specific WC rates, when shown, originate from each state's rating bureau (NCCI or independent).
Sources cited
Stop guessing. Get an actual cyber liability insurance price.
Tell us your industry, state, and size. We'll match you to the carriers most likely to quote cyber liability insurance for your profile, with starting prices side-by-side.