Updated 17 April 2026
Cyber Liability Insurance Cost for Small Business 2026
Cyber liability insurance costs $83 to $134/month for small businesses in 2026. Ransomware attacks on small businesses are up 40 percent since 2023. The average breach costs $120,000 to $200,000. For most businesses, the coverage math is clear.
Median range
$83-134/mo
$999-1,609/year
Sole proprietor
$33-50/mo
Low-risk industries
Tech / IT firm
$150-400/mo
+88% above average
Avg breach cost
$120-200k
Small business 2026
What Cyber Insurance Covers
Data Breach Response
Forensic investigation, breach notification letters, credit monitoring for affected customers. Often the largest cost item.
Ransomware Payments
Most policies cover ransomware payments up to your limit, with caveats. Some exclude payments to sanctioned entities.
Business Interruption
Lost revenue and extra expenses during downtime caused by a cyber event. Critical for businesses that cannot operate offline.
Regulatory Fines
HIPAA fines, CCPA/state privacy law penalties, PCI-DSS violations. Coverage is typically sublimited and varies by policy.
Third-Party Liability
Claims from clients or partners whose data was exposed in a breach of your systems. Increasingly common in B2B contracts.
Cyber Extortion Defense
Legal and negotiation costs related to extortion demands, even if you do not pay the ransom.
What Cyber Insurance Does NOT Cover
- Prior known incidents: If you knew about a breach before binding coverage, it is excluded.
- Unpatched systems: Some policies exclude claims from systems with known vulnerabilities that were not patched after warning.
- Social engineering (often sublimited): Many policies cap social engineering fraud (phishing scams causing wire transfers) at $25k to $100k, far below actual losses.
- Reputation damage: Brand damage, customer churn, and PR costs from a breach are generally not covered.
- Intentional acts by employees: Insider threats that are deliberate rather than negligent are typically excluded.
Cost by Business Size
| Employee Count | Cyber Median/mo | vs Baseline | Notes |
|---|---|---|---|
| Sole proprietor | $33-50 | Baseline | Minimal data storage, simple operations |
| 1-4 employees | $50-83 | +25-45% | Small team, growing data footprint |
| 5-19 employees | $83-134 | +80% above sole prop | Increasing attack surface |
| 20-49 employees | $134-325 | +325% above sole prop | Multiple systems, higher target value |
| 50-99 employees | $325-600 | Commercial market | Standard underwriting questions required |
Cost by Industry
| Industry | Cyber Cost Multiplier | Why |
|---|---|---|
| General retail / service | 1.0x (baseline) | Moderate data exposure |
| E-commerce | +40% | Payment card data, fraud risk |
| Healthcare / clinics | +60% | HIPAA, PHI sensitivity |
| Tech / IT / SaaS | +88% | High target value, client data liability |
| Financial services / CPA | +70% | Financial data, regulatory exposure |
| Manufacturing (light) | -20% | Lower data footprint |
| Construction / trades | -30% | Minimal customer data systems |
State Variance
Cyber insurance pricing varies less by state than other commercial lines, but notification law complexity drives some premium differences. States with more onerous breach notification laws (California, New York) typically see 10 to 20 percent higher cyber premiums due to compliance cost exposure.
BOP Cyber Endorsement vs Standalone Policy
| Option | Cost | Limit | Best For |
|---|---|---|---|
| BOP cyber endorsement | $300-800/yr | $50k-250k sublimit | Businesses with minimal data exposure |
| Standalone cyber policy | $999-8,000/yr | $1M-$5M+ | Any business with significant customer data |
| Coalition cyber (active security) | $600-2,400/yr | $1M standard | Tech-forward businesses, MFA required |
| At-Bay cyber | $700-3,000/yr | $1M-$5M | Mid-market, advanced controls credit |
If your business stores more than 500 customer records, processes credit cards, or handles any healthcare or financial data, a standalone cyber policy is recommended over a BOP endorsement.
Compare 2026 Cyber Liability Quotes
Get quotes from NEXT, Hiscox, and Simply Business. Takes 5 minutes. No obligation.
Affiliate links. We may earn a commission at no cost to you. This does not influence our editorial recommendations.
Frequently Asked Questions
How much does cyber liability insurance cost?
Cyber insurance costs $83 to $134 per month for most small businesses in 2026. Sole proprietors in low-risk fields pay $33 to $50 per month. Tech companies, healthcare practices, and financial services firms pay $150 to $400 per month. The main cost drivers are revenue size, employee count, data type, and existing security controls.
What does cyber insurance cover?
Cyber insurance covers data breach response, customer notification and credit monitoring, ransomware payments (usually), business interruption during a cyber event, regulatory fines, forensic investigation, and legal defense. It does not cover reputation damage, prior known incidents, or intentional insider acts.
Do small businesses actually get hacked?
Yes, at high rates. Small businesses represent 43 percent of all cyberattack targets according to 2025 Verizon DBIR data. They are targeted because they typically have weaker security than enterprises but still have valuable data. Ransomware groups increasingly automate targeting, making size irrelevant to attack probability.
Is a BOP cyber endorsement enough?
For businesses with minimal data exposure, possibly. But BOP cyber endorsements are typically sublimited to $50,000 to $250,000. The average cost of a small business breach is $120,000 to $200,000. If you process payments, store healthcare records, or serve enterprise clients, a standalone $1M policy is the right coverage level.
What security controls reduce cyber premiums?
Multi-factor authentication (MFA) on email and remote access typically earns a 10 to 20 percent credit. Endpoint detection and response (EDR) software earns another 5 to 15 percent. Regular backups stored offline earn additional credit. Coalition and At-Bay specialize in active security monitoring and offer premium credits for strong controls.