The top cyber insurance companies in the US

The top cyber insurance companies in the US

To give you an overview of the different levels of coverage available, Insurance Business lists the top cyber insurance companies in the US in this article. If you’re looking for a cyber insurance provider that can cater to the unique coverage needs of your business, this piece can give you reliable options.  

Top cyber insurance companies in the USA 

1. Chubb 

Direct written premiums: $473.1 million 

Market share: 9.8% 

Swiss industry giant Chubb is not only the top cyber insurer in the US, it is also among the largest insurance companies in the world. Its country headquarters is in Whitehouse Station, New Jersey. 

Chubb offers three products under its cyber insurance portfolio. These are: 


Cyber Enterprise Risk Management (Cyber ERM): Designed for businesses that handle or manage sensitive customer or employee data, third-party corporate information, or computer networks, this policy offers customizable coverages to suit each enterprise’s unique needs and exposure. Among the types of businesses that benefit from Cyber ERM are those in healthcare, retail, and financial services. 
DigiTech Enterprise Risk Management (DigiTech ERM): Designed for companies that offer digital technology services such as computer and IT consulting, software and app development, and data processing. 
Integrity+: Provides general liability and first-party cyber coverage for a range of errors and omissions (E&O), media, data security and privacy, and intellectual property infringement issues. Target clients include tech, manufacturing, life sciences, and clean tech firms, as well as federal government contractors. 

2. Fairfax Financial 

Direct written premiums: $436.4 million 

Market share: 9.0% 

Toronto-based financial holding firm Fairfax Financial offers a range of property and casualty insurance and reinsurance products, as well as investment and insurance claims management services. The industry behemoth offers cyber insurance policies to US businesses through its several subsidiaries, including: 


Allied World: Provides up to $25 million aggregate limit and no minimum premiums.  
Brit Insurance: Covers legal fees, forensic investigation and crisis management costs, and public relations expenses for up to £5 million limit (about $6.1 million). 
Crum & Forster: Cyber liability coverage includes Payment Card Industry (PCI) liability, regulatory defense and fines, and e-crime and social engineering loss limits up to $250,000. 

3. AXA XL 

Direct written premiums: $421 million  

Market share: 8.7% 

AXA XL is the US-based subsidiary of the French insurance giant AXA. It holds headquarters in Stamford, Connecticut. 

AXA XL’s flagship cyber insurance policy, called CyberRiskConnect, provides tailored cyber protection for businesses in different industries. Coverage includes: 


Business interruption 
Cyber extortion or ransomware attack 
Data breach response and crisis management 
Data recovery 
PCI 
Regulatory defense costs and penalties 
Social engineering 
System failure 

Policyholders can also access a range of risk mitigation services from AXA XL partners, including:  


Advanced endpoint protection and security services 
Cybersecurity compliance assistance 
Incident response planning 
Data privacy awareness training 
Social engineering and phishing campaigns 
Third-party contract review 

 CyberRiskConnect provides up to $15 million in coverage available on a primary or excess basis.  

AXA XL also holds partnerships with Microsoft and Slice Labs in an initiative aimed at helping protect users of Microsoft’s digital tools.  

If only there was a cheat sheet that would help you prepare, prevent, and recover from a #cybersecurity attack…well there is, and we’ve got it. Check out AXA XL’s Cyber Claims Road Map: https://t.co/2z9rhk48t4 #CyberSecurityAwarenessMonth #cyberattack pic.twitter.com/Q9KakNmQKy

See also  Commercial property rates in for 'difficult' period: Marsh


— AXA XL (@AXA_XL) October 13, 2021

  

4. Tokio Marine HCC 

Direct written premiums: $249.8 million 

Market share: 5.2% 

Japanese industry giant Tokio Marine Group offers specialty insurance policies in the US, the UK, Spain, and Ireland through its subsidiary Tokio Marine HCC. Its US-based insurance arm holds its headquarters in Houston, Texas.  

Tokio Marine HCC’s Cyber Security Insurance policy provides first-party and liability protection for up to $25 million on a primary and excess basis. Coverage includes cybercrime prevention, crisis response, and post-incident expertise.   

Tokio Marine HCC’s Cyber & Professional Lines Group (CPLG) takes a hands-on and tech-driven approach to underwriting. Its success has landed it on Insurance Business America’s list of 5-Star Cyber Insurers. 

5. AIG 

Direct written premiums: $240.6 million 

Market share: 5.0% 

Among the top cyber insurance companies in the US, AIG is also one of the first insurers in the country to launch a cyber insurance program – that was more than 20 years ago. To date, the New York-based insurer has over 30,000 policyholders under its flagship cyber coverage, CyberEdge and handles at least five cyber claims daily. 

CyberEdge provides up to $100 million in coverage and has no minimum retention. It pays out for the costs associated with a data breach, including: 


First-party expenses 
Cyber extortion 
Data restoration 
Event response 
Network interruption 

CyberEdge can be purchased as a standalone product or added to AIG’s select financial lines, and property and casualty insurance policies. 

6. Travelers 

Direct written premiums: $232.3 million 

Market share: 4.8% 

Travelers offers tailored cyber liability protection for businesses with varying levels of risk. Coverage includes: 


Business interruption 
Crisis management costs 
Cyber extortion 
Forensic investigations 
Litigation fees 
Regulatory expenses and fines 

The New York-based property and casualty insurer’s cyber insurance lineup consists of four policies. These are:  


CyberRisk for Multiple Industries and Business Sizes: Cyber coverage designed for all types of businesses, from small enterprises and non-profits to Fortune 500 corporations.  
CyberRisk Tech for Technology Companies: Provides cyber liability and E&O coverage designed for the unique needs of tech firms. 
CyberRisk for Public Entities: Designed to meet the coverage needs of public entities, including municipalities and counties, transit authorities, and other public sector organizations. 
CyberFirst Essentials for Small Businesses: Can be purchased with a business owner’s policy to protect small businesses from cyber threats. 

7. Beazley 

Direct written premiums: $200.9 million 

Market share: 4.2% 

Beazley offers four types of products under its cyber and technology portfolio designed to provide businesses with financial protection in the event of a cyberattack. These are: 


Beazley Breach Response (BBR): Provides data breach, first-party, third-party, and e-crime coverage for businesses of various sizes.  
InfoSec: Designed for large businesses with significant data privacy and cybersecurity exposures. 
MediaTech: Protects tech and professional services firms against claims, and includes cyber liability, errors and omissions, and media coverage. 
MediaTech for Small Business: Offers the same coverage as MediaTech, but with features and benefits tailored for small businesses.  

The London-based insurer provides cyber insurance to US businesses through its several branches across the country. Its American headquarters is located in San Francisco, California. 

8. CNA 

Direct written premiums: $181.4 million 

Market share: 3.8% 

Based in Chicago, CNA is one of the largest commercial P&C insurers in the US and also among the country’s top cyber insurance companies. Its cyber insurance policies offer the following coverages: 


Broad media 
Dependent business income 
E-theft and social engineering 
Network failure  
PCI 
Reputational harm 
Voluntary shutdown 
Wrongful collection 

Cyber insurance clients can also choose from four types of plans. These are: 

See also  Potential rise in insolvencies spell management liability implications for SMEs


NetProtect 360: Comprehensive cyber insurance policy designed for different businesses. 
EPS Plus: Cyber liability coverage designed for professional services firms and includes E&O protection. 
EPACK 3: Cyber insurance policy designed for management and professional liability risks. Available in 36 states. 
CyberPrep: Available to all CNA cyber insurance policyholders, this is a suite of cyber risks services that can help identify, mitigate, and address persistent and emerging cyber threats.  

Without cyber insurance, the costs associated with a breach could very well put a company out of business. CNA’s Brian Robb discusses with @GARP_Risk why cyber insurance is a critical part of risk management: https://t.co/PSeh1KUTKu pic.twitter.com/5NJuZV4yPN


— CNA Insurance (@CNA_Insurance) November 7, 2019

9. Arch Insurance 

Direct written premiums: $171.9 million 

Market share: 3.6% 

Arch Insurance’s cyber coverage has a limit of up to $20 million for any one risk. Among the industries the policy caters to are: 


Energy and utilities 
Healthcare, including pharmaceutical services 
Financial services 
Tech, media, and telecoms 
Transportation 
Retail and leisure 

Its flagship cyber insurance policy, called Arch Netsafe 2.0, includes the following features and benefits: 


Business interruption and cyber extortion coverage 
Data security and non-disclosure agreements 
Dependent business interruption coverage 
First-party data incident response expense 
Media liability coverage 
System failure coverage 
PCI-DSS assessments and regulatory fines and penalties 
Carve-back for cyberterrorism 
Carve-back to the contract exclusion for PCI  
“Bring Your Own Device” included within computer system definition 

10. AXIS Capital 

Direct written premiums: $159 million 

Market share: 3.3% 

AXIS Capital offers cyber insurance designed for large and middle-market businesses. It has up to $25 million liability limits and covers business interruption losses, including those from dependent businesses and reputational harm. The policy also covers expenses and penalties resulting from regulatory and PCI-DSS non-compliance.  

Recently, the insurer also rolled out its AXIS Cyber Technology and Miscellaneous Professional Liability (ACTM) policy aimed at helping businesses avoid potential protection gaps by allowing them to combine multiple coverages in one policy. ACTM is designed for companies with up to $2 billion in revenue and can be purchased through brokers on both an admitted and non-admitted basis. 

AXIS Capital is based in Pembroke Parish, Bermuda and has 28 offices globally. In the US, the insurer has branches in Los Angeles, Chicago, Kansas City, New York, Hartford, and Franklin Lakes 

Methodology for determining the top cyber insurance companies in the USA 

We based our findings on determining the 10 leading cyber insurers in the country based on the National Association of Insurance Commissioner’s (NAIC) latest market share data.  

Here’s a summary of the top cyber insurance companies in the US based on direct written premiums and market share: 

Top cyber insurance companies in the US 

How does cyber insurance work? 

Cyber insurance is a type of insurance policy designed to cover financial losses stemming from cyber incidents. Generally, this form of coverage offers two types of protection, namely: 

1. First-party coverage 

This policy pays out for the financial losses a business incurs because of a cyber incident, including:  


The cost of responding to a data breach 
Restoring and recovering lost or damaged data 
Lost income resulting from business interruption 
Ransomware attack payments 
Risk assessment of future cyberattacks 

Most first-party policies also cover the cost of notifying clients about the cyber incident and providing them with anti-fraud services. 

2. Third-party coverage 

Also referred to as liability coverage, this type of policy provides financial protection against lawsuits filed by third parties – such as customers, employees, and vendors – for damages caused by a cyberattack on their businesses. It typically covers court and settlement fees, as well as regulatory expenses and fines. 

See also  Outcomes worst for combined physical, psychological injuries

How much does cyber insurance cost in the US? 

Cyber insurance premiums on average start at $500 annually for basic coverage and can exceed $5,000 for comprehensive protection. Nationally, several industry and personal finance websites peg the cost at about $1,600 each year for $1 million worth of cover.  

The amount of coverage your business needs, however, can be significantly higher or lower depending on a range of factors. Here are some of the metrics you need to consider to work out how much cyber insurance coverage your business requires: 


Company size: The number of employees has a direct impact on your company’s risk exposure. To illustrate, the greater the number of users, devices, and systems a business has, the larger its threat surface and, therefore, the higher the likelihood of falling victim to a cyberattack, which pushes up insurance rates. 
The industry your business is in: Some sectors are more prone to cyberattacks than others. Businesses that handle sensitive information such as those under financial services and healthcare, for instance, are more appealing to cybercriminals. This raises premium prices. 
Revenue: Insurers typically perceive companies that generate higher revenue to be at a greater risk of being targeted by cybercriminals. Because of this, they also often pay more for cyber insurance. 
Level of coverage: The higher the policy limits, the higher the premiums. 
Cybersecurity measures in place: Insurance providers typically reward businesses that dedicate significant resources toward preventing cybercrime with cheaper rates. 

Premiums, however, are calculated differently depending on the type of policy. If you want to understand how this insurance component works, you can check out our comprehensive guide on insurance premiums.  

Is cyber insurance worth the cost? 

Industry experts warn businesses that cyber criminals do not discriminate based on a company’s size. And with the rapid pace of digital transformation giving rise to new and potentially more damaging cyber risks, it pays to get some form of cyber protection. More so if your company manages sensitive customer or employee data, has a large client base, and owns valuable digital assets.  

These experts also remind businesses that they cannot rely solely on cyber insurance to bail them out when they fall victim to a cyberattack. To remain insurable, your business needs to do its part and take robust precautions against cyber threats. 

If you own a small business and are trying to come up with cost-effective ways to prevent a cyberattack, you can find some practical tips in our cybersecurity guide for small businesses.   

Where can you find the top cyber insurance companies in the US? 

An experienced insurance agent or broker can guide you in your search for the cyber coverage that best fits your needs. To find reliable and trustworthy insurance professionals, we recommend that you check out our Best in Insurance America page. 

In this page, we feature only insurance companies that are nominated by their peers and vetted by our team of experts as dependable industry leaders. By dealing with these providers, you can have peace of mind in knowing that you are getting the best coverage from someone you can rely on during challenging times.    

For ongoing coverage of the cyber insurance world, be sure to visit our cyber insurance newspage for the latest information. 

Have you experienced working with the top cyber insurance companies on our list? Do you think they offer the best coverage? Send us your thoughts in the comment section below.