The top cyber insurance companies in the US
To give you an overview of the different levels of coverage available, Insurance Business lists the top cyber insurance companies in the US in this article. If you’re looking for a cyber insurance provider that can cater to the unique coverage needs of your business, this piece can give you reliable options.
Top cyber insurance companies in the USA
Direct written premiums: $473.1 million
Market share: 9.8%
Swiss industry giant Chubb is not only the top cyber insurer in the US, it is also among the largest insurance companies in the world. Its country headquarters is in Whitehouse Station, New Jersey.
Chubb offers three products under its cyber insurance portfolio. These are:
- Cyber Enterprise Risk Management (Cyber ERM): Designed for businesses that handle or manage sensitive customer or employee data, third-party corporate information, or computer networks, this policy offers customizable coverages to suit each enterprise’s unique needs and exposure. Among the types of businesses that benefit from Cyber ERM are those in healthcare, retail, and financial services.
- DigiTech Enterprise Risk Management (DigiTech ERM): Designed for companies that offer digital technology services such as computer and IT consulting, software and app development, and data processing.
- Integrity+: Provides general liability and first-party cyber coverage for a range of errors and omissions (E&O), media, data security and privacy, and intellectual property infringement issues. Target clients include tech, manufacturing, life sciences, and clean tech firms, as well as federal government contractors.
2. Fairfax Financial
Direct written premiums: $436.4 million
Market share: 9.0%
Toronto-based financial holding firm Fairfax Financial offers a range of property and casualty insurance and reinsurance products, as well as investment and insurance claims management services. The industry behemoth offers cyber insurance policies to US businesses through its several subsidiaries, including:
- Allied World: Provides up to $25 million aggregate limit and no minimum premiums.
- Brit Insurance: Covers legal fees, forensic investigation and crisis management costs, and public relations expenses for up to £5 million limit (about $6.1 million).
- Crum & Forster: Cyber liability coverage includes Payment Card Industry (PCI) liability, regulatory defense and fines, and e-crime and social engineering loss limits up to $250,000.
3. AXA XL
Direct written premiums: $421 million
Market share: 8.7%
AXA XL is the US-based subsidiary of the French insurance giant AXA. It holds headquarters in Stamford, Connecticut.
AXA XL’s flagship cyber insurance policy, called CyberRiskConnect, provides tailored cyber protection for businesses in different industries. Coverage includes:
- Business interruption
- Cyber extortion or ransomware attack
- Data breach response and crisis management
- Data recovery
- Regulatory defense costs and penalties
- Social engineering
- System failure
Policyholders can also access a range of risk mitigation services from AXA XL partners, including:
- Advanced endpoint protection and security services
- Cybersecurity compliance assistance
- Incident response planning
- Data privacy awareness training
- Social engineering and phishing campaigns
- Third-party contract review
CyberRiskConnect provides up to $15 million in coverage available on a primary or excess basis.
AXA XL also holds partnerships with Microsoft and Slice Labs in an initiative aimed at helping protect users of Microsoft’s digital tools.
If only there was a cheat sheet that would help you prepare, prevent, and recover from a #cybersecurity attack…well there is, and we’ve got it. Check out AXA XL’s Cyber Claims Road Map: https://t.co/2z9rhk48t4 #CyberSecurityAwarenessMonth #cyberattack pic.twitter.com/Q9KakNmQKy
— AXA XL (@AXA_XL) October 13, 2021
4. Tokio Marine HCC
Direct written premiums: $249.8 million
Market share: 5.2%
Japanese industry giant Tokio Marine Group offers specialty insurance policies in the US, the UK, Spain, and Ireland through its subsidiary Tokio Marine HCC. Its US-based insurance arm holds its headquarters in Houston, Texas.
Tokio Marine HCC’s Cyber Security Insurance policy provides first-party and liability protection for up to $25 million on a primary and excess basis. Coverage includes cybercrime prevention, crisis response, and post-incident expertise.
Tokio Marine HCC’s Cyber & Professional Lines Group (CPLG) takes a hands-on and tech-driven approach to underwriting. Its success has landed it on Insurance Business America’s list of 5-Star Cyber Insurers.
Direct written premiums: $240.6 million
Market share: 5.0%
Among the top cyber insurance companies in the US, AIG is also one of the first insurers in the country to launch a cyber insurance program – that was more than 20 years ago. To date, the New York-based insurer has over 30,000 policyholders under its flagship cyber coverage, CyberEdge and handles at least five cyber claims daily.
CyberEdge provides up to $100 million in coverage and has no minimum retention. It pays out for the costs associated with a data breach, including:
- First-party expenses
- Cyber extortion
- Data restoration
- Event response
- Network interruption
CyberEdge can be purchased as a standalone product or added to AIG’s select financial lines, and property and casualty insurance policies.
Direct written premiums: $232.3 million
Market share: 4.8%
Travelers offers tailored cyber liability protection for businesses with varying levels of risk. Coverage includes:
- Business interruption
- Crisis management costs
- Cyber extortion
- Forensic investigations
- Litigation fees
- Regulatory expenses and fines
The New York-based property and casualty insurer’s cyber insurance lineup consists of four policies. These are:
- CyberRisk for Multiple Industries and Business Sizes: Cyber coverage designed for all types of businesses, from small enterprises and non-profits to Fortune 500 corporations.
- CyberRisk Tech for Technology Companies: Provides cyber liability and E&O coverage designed for the unique needs of tech firms.
- CyberRisk for Public Entities: Designed to meet the coverage needs of public entities, including municipalities and counties, transit authorities, and other public sector organizations.
- CyberFirst Essentials for Small Businesses: Can be purchased with a business owner’s policy to protect small businesses from cyber threats.
Direct written premiums: $200.9 million
Market share: 4.2%
Beazley offers four types of products under its cyber and technology portfolio designed to provide businesses with financial protection in the event of a cyberattack. These are:
- Beazley Breach Response (BBR): Provides data breach, first-party, third-party, and e-crime coverage for businesses of various sizes.
- InfoSec: Designed for large businesses with significant data privacy and cybersecurity exposures.
- MediaTech: Protects tech and professional services firms against claims, and includes cyber liability, errors and omissions, and media coverage.
- MediaTech for Small Business: Offers the same coverage as MediaTech, but with features and benefits tailored for small businesses.
The London-based insurer provides cyber insurance to US businesses through its several branches across the country. Its American headquarters is located in San Francisco, California.
Direct written premiums: $181.4 million
Market share: 3.8%
Based in Chicago, CNA is one of the largest commercial P&C insurers in the US and also among the country’s top cyber insurance companies. Its cyber insurance policies offer the following coverages:
- Broad media
- Dependent business income
- E-theft and social engineering
- Network failure
- Reputational harm
- Voluntary shutdown
- Wrongful collection
Cyber insurance clients can also choose from four types of plans. These are:
- NetProtect 360: Comprehensive cyber insurance policy designed for different businesses.
- EPS Plus: Cyber liability coverage designed for professional services firms and includes E&O protection.
- EPACK 3: Cyber insurance policy designed for management and professional liability risks. Available in 36 states.
- CyberPrep: Available to all CNA cyber insurance policyholders, this is a suite of cyber risks services that can help identify, mitigate, and address persistent and emerging cyber threats.
Without cyber insurance, the costs associated with a breach could very well put a company out of business. CNA’s Brian Robb discusses with @GARP_Risk why cyber insurance is a critical part of risk management: https://t.co/PSeh1KUTKu pic.twitter.com/5NJuZV4yPN
— CNA Insurance (@CNA_Insurance) November 7, 2019
Direct written premiums: $171.9 million
Market share: 3.6%
Arch Insurance’s cyber coverage has a limit of up to $20 million for any one risk. Among the industries the policy caters to are:
- Energy and utilities
- Healthcare, including pharmaceutical services
- Financial services
- Tech, media, and telecoms
- Retail and leisure
Its flagship cyber insurance policy, called Arch Netsafe 2.0, includes the following features and benefits:
- Business interruption and cyber extortion coverage
- Data security and non-disclosure agreements
- Dependent business interruption coverage
- First-party data incident response expense
- Media liability coverage
- System failure coverage
- PCI-DSS assessments and regulatory fines and penalties
- Carve-back for cyberterrorism
- Carve-back to the contract exclusion for PCI
- “Bring Your Own Device” included within computer system definition
10. AXIS Capital
Direct written premiums: $159 million
Market share: 3.3%
AXIS Capital offers cyber insurance designed for large and middle-market businesses. It has up to $25 million liability limits and covers business interruption losses, including those from dependent businesses and reputational harm. The policy also covers expenses and penalties resulting from regulatory and PCI-DSS non-compliance.
Recently, the insurer also rolled out its AXIS Cyber Technology and Miscellaneous Professional Liability (ACTM) policy aimed at helping businesses avoid potential protection gaps by allowing them to combine multiple coverages in one policy. ACTM is designed for companies with up to $2 billion in revenue and can be purchased through brokers on both an admitted and non-admitted basis.
AXIS Capital is based in Pembroke Parish, Bermuda and has 28 offices globally. In the US, the insurer has branches in Los Angeles, Chicago, Kansas City, New York, Hartford, and Franklin Lakes
Methodology for determining the top cyber insurance companies in the USA
We based our findings on determining the 10 leading cyber insurers in the country based on the National Association of Insurance Commissioner’s (NAIC) latest market share data.
Here’s a summary of the top cyber insurance companies in the US based on direct written premiums and market share:
How does cyber insurance work?
Cyber insurance is a type of insurance policy designed to cover financial losses stemming from cyber incidents. Generally, this form of coverage offers two types of protection, namely:
1. First-party coverage
This policy pays out for the financial losses a business incurs because of a cyber incident, including:
- The cost of responding to a data breach
- Restoring and recovering lost or damaged data
- Lost income resulting from business interruption
- Ransomware attack payments
- Risk assessment of future cyberattacks
Most first-party policies also cover the cost of notifying clients about the cyber incident and providing them with anti-fraud services.
2. Third-party coverage
Also referred to as liability coverage, this type of policy provides financial protection against lawsuits filed by third parties – such as customers, employees, and vendors – for damages caused by a cyberattack on their businesses. It typically covers court and settlement fees, as well as regulatory expenses and fines.
How much does cyber insurance cost in the US?
Cyber insurance premiums on average start at $500 annually for basic coverage and can exceed $5,000 for comprehensive protection. Nationally, several industry and personal finance websites peg the cost at about $1,600 each year for $1 million worth of cover.
The amount of coverage your business needs, however, can be significantly higher or lower depending on a range of factors. Here are some of the metrics you need to consider to work out how much cyber insurance coverage your business requires:
- Company size: The number of employees has a direct impact on your company’s risk exposure. To illustrate, the greater the number of users, devices, and systems a business has, the larger its threat surface and, therefore, the higher the likelihood of falling victim to a cyberattack, which pushes up insurance rates.
- The industry your business is in: Some sectors are more prone to cyberattacks than others. Businesses that handle sensitive information such as those under financial services and healthcare, for instance, are more appealing to cybercriminals. This raises premium prices.
- Revenue: Insurers typically perceive companies that generate higher revenue to be at a greater risk of being targeted by cybercriminals. Because of this, they also often pay more for cyber insurance.
- Level of coverage: The higher the policy limits, the higher the premiums.
- Cybersecurity measures in place: Insurance providers typically reward businesses that dedicate significant resources toward preventing cybercrime with cheaper rates.
Premiums, however, are calculated differently depending on the type of policy. If you want to understand how this insurance component works, you can check out our comprehensive guide on insurance premiums.
Is cyber insurance worth the cost?
Industry experts warn businesses that cyber criminals do not discriminate based on a company’s size. And with the rapid pace of digital transformation giving rise to new and potentially more damaging cyber risks, it pays to get some form of cyber protection. More so if your company manages sensitive customer or employee data, has a large client base, and owns valuable digital assets.
These experts also remind businesses that they cannot rely solely on cyber insurance to bail them out when they fall victim to a cyberattack. To remain insurable, your business needs to do its part and take robust precautions against cyber threats.
If you own a small business and are trying to come up with cost-effective ways to prevent a cyberattack, you can find some practical tips in our cybersecurity guide for small businesses.
Where can you find the top cyber insurance companies in the US?
An experienced insurance agent or broker can guide you in your search for the cyber coverage that best fits your needs. To find reliable and trustworthy insurance professionals, we recommend that you check out our Best in Insurance America page.
In this page, we feature only insurance companies that are nominated by their peers and vetted by our team of experts as dependable industry leaders. By dealing with these providers, you can have peace of mind in knowing that you are getting the best coverage from someone you can rely on during challenging times.
For ongoing coverage of the cyber insurance world, be sure to visit our cyber insurance newspage for the latest information.
Have you experienced working with the top cyber insurance companies on our list? Do you think they offer the best coverage? Send us your thoughts in the comment section below.