Protecting Against the High Cost of Cyberfraud

The role of cyber liability insurance in your risk management strategy

Cybercrime, particularly ransomware, has been on a steady upswing. Victimized companies face costly consequences, including lost dollars and staff time to resolve the matter and a tarnished reputation with customers and the public. In response, many firms are buying cyber liability insurance.

"Network security and privacy" is the general heading for the policies that property and casualty (P&C) carriers offer to cover cyberattacks. Here are some common coverage areas in a comprehensive policy:

  • Third-party liability – This includes the cost of defending against litigation initiated by customers and employees claiming to have been damaged
  • First-party (i.e., the insured) basic expenses – Examples include costs related to hiring cyber forensic experts to investigate and fix the source of the breach, and notifying impacted parties
  • Additional first-party expenses – Data restoration expenses, lost revenue due to business interruption and costs related to external public relations services
  • Extortion payment – In ransomware attacks, it's often necessary to pay a ransom, while at the same time identifying and minimizing or eliminating the vulnerability that led to the successful attack
  • Liability for website content – A variety of liabilities arise from having a company website, including potential theft of proprietary content
  • Health Insurance Portability and Accountability Act (HIPAA) defense and penalties – Exposure of protected private health care data, whether belonging to employees or others (in the case of a health care provider or insurer), can have costly consequences
  • Payment Card Industry Data Security Standard (PCI DSS) penalties – Such costs can be incurred if procedures for processing customer credit and debit card payments don't satisfy PCI DSS requirements and cardholder accounts are compromised

Current annual premium revenue for cyber insurance is in the $3 billion to $4 billion range, but it is expected to reach $20 billion by 2025, according to the Financial Times.Footnote a

The cost of comprehensive cyber policies is generally competitive in today's market, with many new insurance carriers regularly entering the market as demand grows. Cyber policy premiums as a portion of a typical company's total P&C coverage expense will be small. However, costs vary not only by coverage limits but also by industry sector and "record count exposure"—the number of personally identifiable information files in corporate systems.

The daunting variety and complexity of cyber policies can be overcome by working with an experienced broker with expertise in this rapidly evolving field. Given the accelerating growth of cybercrime, taking the steps to be insurable and secure appropriate insurance protection is more critical than ever.


"Cyber insurance market expected to grow after WannaCry attack," Financial Times, May 16, 2017.

Related topics

Planning a Successful Future for Your Family Business Enterprise  (Article)

An effective succession plan is far more than the selection of a successor. It also includes ongoing leadership development and communications to help avoid unnecessary conflicts and to meet the needs of both the business enterprise and family members.

Protecting the Future of Your Business  (Article)

While making sure their current strategies are on target and operations are in sync, business owners also should look beyond today to ensure that plans and processes are in place to protect the long-term best interests of their companies and their families.

Traditional banking services are provided by Truist Bank, Member FDIC.

Only deposit products are FDIC insured.

McGriff Insurance Services, Inc., and McGriff Seibels & Williams, Inc., are subsidiaries of Truist Insurance Holdings, Inc.


Branch Banking and Trust Company, Member FDIC.

New York City residents: Translation or other language access services may be available. When calling our office regarding collection activity, if you speak a language other than English and need verbal translation services, be sure to inform the representative. A description and translation of commonly-used debt collection terms is available in multiple languages at

Branch Banking and Trust Company is now Truist Bank. Learn more.

BB&T and SunTrust have merged to become Truist. Both institutions will continue to offer independent product lines for a period of time. This may include differing underwriting guidelines, product features, terms, fees and pricing. Our friendly teammates at your local SunTrust branches will be happy to walk you through their respective products. You can also learn more by contacting them at 800-SUNTRUST or

BB&T Complete Client Protection

about Truist Bank