Cyber Insurance Small Business Cost Calculator

Cyber insurance covers ransomware, data breach, business interruption from cyberattack. Premium driven by revenue, industry, MFA adoption, EDR deployment, backup strategy.

Annual Premium
Per $1K Revenue
Typical Deductible
Annual revenue
Industry risk factor
Base premium (per $1K revenue, by industry)
Coverage limit factor
Security controls discount
Estimated annual premium
Typical deductible
Ad Space

Cyber insurance has become essential for small and mid-sized businesses in 2026. Premiums vary widely based on revenue, industry risk, and security controls. A $5M-revenue retail business might pay $3K-$8K/year for $1M coverage; a $5M healthcare business pays $15K-$30K for the same coverage. Strong security controls (MFA, EDR, offline backups, employee training) qualify for 25-40% discounts and may be required to obtain coverage at all.

What Cyber Insurance Covers

Standard cyber insurance policies cover: (1) Ransomware payments and negotiation (with restrictions). (2) Data breach response (forensics, notification, credit monitoring). (3) Regulatory fines (HIPAA, GDPR, state breach laws). (4) Business interruption from cyber events. (5) Third-party liability (customer data breach lawsuits). (6) Social engineering fraud (limited sub-limits, typically $250K). Most policies have separate sub-limits for each coverage type — don't assume your $1M policy covers $1M of any one category.

Required Security Controls

Insurers in 2026 require demonstrable security controls before issuing coverage: (1) MFA on all admin and email accounts. (2) EDR (endpoint detection and response) software like CrowdStrike or SentinelOne. (3) Offline or air-gapped backups tested regularly. (4) Employee phishing training. (5) Vulnerability patching policy. (6) Incident response plan. Failure to maintain stated controls during the policy period can void coverage on claim.

Major Exclusions

Read your policy carefully — common exclusions include: war and cyber-war (Lloyd's of London 2022 clause excludes nation-state attacks like NotPetya), criminal acts by insureds, fines from intentional violations, pre-existing breaches you knew about, supply chain attacks affecting your vendor (typically separate coverage required), social media reputation damage. Source: NAIC, Marsh Cyber Insurance Report, Verizon DBIR.

Last updated May 2026. Sources: NAIC Cyber Risk.