One of the questions I am asked a lot these days is related to cyber insurance, specifically – “should I purchase a cyber insurance policy for my business?”  

It’s a great question and a very important topic, and so I’ve decided to focus on it in this blog.  

There’s a lot of confusion around this subject, so let’s start with some definitions.  

Cyber Insurance is an insurance policy that provides protection against financial losses from cyber incidents – such as data breaches, ransomware attacks, data theft, and more. These incidents are often very expensive to fix, and cyber insurance can lessen the financial blow in the same way that property insurance would assist you if your office burned down. Note that cyber insurance does not protect you from the incident happening in the first place – it’s only there to help you mitigate the financial loss if something goes wrong.

Cyber Security Services, offered by IT companies like Proactive, exist to protect you against these incidents happening in the first place. Competent cybersecurity protection will drastically reduce the chances of a cyber-attack.  

Cybersecurity is preventative; cyber insurance is there to help you mitigate the damage if something does go wrong. 

So, should you invest in cyber insurance for your business? That depends. It depends on the specific nature of your business and the risks that you’re facing. Here are some questions to consider:

  • Is your business at elevated risk for cyber-attack – such as data exfiltration or ransomware attacks? 
  • What are the likely consequences if a cyber-attack is carried out against you? Some businesses can recover fairly quickly and easily, with relatively little damage. Others – especially professional services firms that deal with lots of sensitive client information – can be devastated by a cyber-attack.
  • What have you done to mitigate the risk of cyber-attack? A competent IT provider will help you mitigate these risks by implementing proper cyber hygiene practices in your organization – and these days, most cyber insurance providers won’t issue a policy unless your organization is following best practices. (Also – in many cases your insurance premium can be reduced if you can show the insurer that you’re following proper cyber hygiene.) 

Bottom line: cyber insurance is a great way for businesses to insure against the financial damage that a cyber-attack can create. But it’s not a substitute for putting proper cybersecurity measures in place – and in fact, most insurance companies won’t cover your organization until you’ve got these measures in place. So I’d encourage you to start by focusing on your network security. Once you’ve got these systems in place, you can consider whether cyber insurance makes sense as an additional financial protection. 

If you’d like to have a conversation about cybersecurity or your business IT strategy in general, we’re here to help.  

Please reach out to us via email at or 704-464-3075 extension 3.         

Dedicated to IT security and productivity,     

– Steve

Steve Kennen, president of Proactive IT and cybersecurity expert

About Steve Kennen

As an expert in information technology infrastructure management, cybersecurity, and cyber risk management practices for small businesses, Steve spearheads initiatives that keep his clients secure and their business operations running smoothly. His core message is that the details matter.