bollinsure.com/business/cyber-insurance
California Cyber Insurance Specialists

Your data is under attack.
Cyber insurance is your last line of defense.

Data breach, ransomware, CCPA liability, and business interruption coverage for California businesses. Standard GL and property policies often exclude cyber events β€” cyber coverage is designed for these gaps.

First-Party & Third-Party Coverage
CCPA Compliance Coverage
350+ Carriers Compared
CA Licensed DOI 4345268
LIVE THREAT INTELLIGENCE FEED
0
Attacks/min globally
$4.88M
Avg breach cost 2024
SMB
Risk

Coverage Components

Everything a cyber policy
should cover

A complete cyber policy covers your own losses (first-party) and claims from others (third-party). Here's what each component does.

πŸ”’
// first_party

Ransomware Response

Covers ransom payments, decryption specialist fees, system restoration, and business interruption while systems are locked. Ransomware events can create six- or seven-figure recovery costs.

Many insurers want to see offline backups and MFA before offering strong ransomware terms. We review your controls before placement.
πŸ—„οΈ
// first_party

Data Breach Response

Covers forensic investigation to identify the breach, breach notification to affected individuals (required by California law), credit monitoring for affected parties, and public relations costs.

California breach notification rules can require fast notice to affected residents. Notification, forensic, legal, and credit-monitoring costs can add up quickly.
⏱️
// first_party

Business Interruption

Covers lost income and ongoing expenses when a cyber event forces system downtime. A ransomware attack that shuts down operations for 5 days can cost more than the ransom itself.

Waiting period applies (typically 8-12 hours before coverage triggers). Set limits at full daily revenue exposure.
βš–οΈ
// third_party

Cyber Liability

Covers customer lawsuits when their personal data is compromised by a breach you suffer. Under California's CCPA, affected individuals can sue for up to $750 per consumer per incident.

A breach affecting many California consumers can create significant statutory-damages exposure at the high end of the CCPA range.
πŸ“‹
// third_party

Regulatory Defense & Fines

Can help with CCPA-related regulatory investigations, defense costs, and certain covered penalties where insurable by law and policy terms. Also covers PCI-DSS fines for payment card breaches.

California privacy penalties can be substantial, especially for intentional or repeated violations.
πŸ’Ό
// tech_e&o

Technology E&O (Tech Companies)

Technology errors & omissions covers claims from failures of technology products or services you provide to others β€” a software bug, system outage, or implementation failure that damages a client.

Tech E&O is separate from cyber insurance but often packaged together. Both are essential for technology companies.
// california_specific

CCPA can create significant
cyber liability exposure

California's Consumer Privacy Act gives individuals the right to sue businesses directly for data breaches β€” creating liability exposure most California businesses have never quantified.

$750
Statutory damages per consumer per incident under CCPA
$7,500
Max CPPA fine per intentional violation
30
Days to notify breach victims under CA law
SMB
Of SMB cyberattack victims out of business within 6 months
πŸ“œ

Who CCPA May Apply To

Businesses that collect personal information from California consumers and meet current CCPA/CPRA applicability thresholds. These thresholds and definitions should be reviewed with legal counsel because they can change.

⚠️

Private Right of Action

Unlike most privacy laws, CCPA can give individuals a private right of action for certain breaches involving nonencrypted and nonredacted personal information. Statutory damages are commonly described as $100-$750 per consumer per incident, or actual damages, subject to current law.

πŸ”

What Cyber Insurance Covers

CCPA-related breach response costs, regulatory defense and investigation, class action defense and settlements, and the forensic investigation required to determine breach scope.

πŸ›οΈ

CPPA Enforcement

The California Privacy Protection Agency can investigate CCPA violations. Cyber insurance may help with regulatory defense and certain covered penalties where allowed by law and policy wording.

Coverage Explorer

Explore each coverage type β€” in depth

By Industry

Cyber risk for your specific industry

Every industry has different cyber exposures, regulatory requirements, and coverage priorities.

// underwriting_requirements

Security controls that
insurers require

Cyber insurers now actively assess your security posture. Missing key controls can result in coverage denial or much higher premiums.

βœ“

Multi-Factor Authentication (MFA)

Required on email, remote access (VPN), and privileged accounts. A key underwriting requirement β€” missing MFA can limit available markets or materially increase premium.

Often required
βœ“

Offline / Immutable Backups

Backups not connected to the main network. Ransomware encrypts connected backups. Offline backups are what actually restores your systems.

Often required for ransomware terms
βœ“

Endpoint Detection & Response (EDR)

Advanced endpoint security that detects threats in real time. Basic antivirus is no longer sufficient β€” carriers want EDR or MDR.

Often required by carriers
βœ“

Privileged Access Management

Controls on admin and privileged accounts. Attackers target these accounts first β€” limiting their access limits blast radius of a breach.

Significantly lowers premium
βœ“

Employee Security Awareness Training

Phishing is the #1 entry point for attacks. Regular training reduces phishing click rates and improves incident response.

Lowers premium / improves terms
βœ“

Incident Response Plan

A documented plan for responding to a cyber incident. Carriers want to know you won't waste precious hours figuring out who to call.

Often required for $5M+ limits
Typical Cyber Insurance Rates β€” California
Small office / professional ($1M-$5M rev)$800–$2,500/yr
Mid-size business ($5M-$25M rev)$2,500–$8,000/yr
Larger business ($25M-$100M rev)$8,000–$25,000/yr
Healthcare (any size β€” HIPAA exposure)Premium +30-50%
Tech company β€” with Tech E&O$2,500–$15,000/yr
Missing MFA surcharge+50-100% or declined
Cyber pricing and underwriting requirements can change quickly due to ransomware frequency and claim trends. Best pricing goes to businesses with strong security controls. We review your controls and match you to carriers who reward good security hygiene.
Get a Cyber Coverage Review β†’

Coverage Gap

What your existing policies
don't cover β€” and cyber does

Cyber Event / LossGL PolicyProperty PolicyCyber Insurance
Ransomware payment & recoveryExcludedExcludedβœ“ Covered
Business interruption from system outageExcludedExcludedβœ“ Covered
Data breach notification costsExcludedExcludedβœ“ Covered
Customer lawsuits for data breach (CCPA)ExcludedExcludedβœ“ Covered
Regulatory fines β€” CCPA / CPPAExcludedExcludedβœ“ Covered
Forensic investigation costsExcludedExcludedβœ“ Covered
Wire fraud / social engineering lossExcludedExcludedAdd-on endorsement
Physical damage to servers from power surgeExcludedβœ“ Equipment breakdownSome policies include

Serving All of California

Cyber insurance for every California business

We serve California businesses statewide β€” from solo professionals to enterprise operations.

Los Angeles
LA County
San Diego
San Diego County
San Francisco
SF County
Orange County
Irvine Β· Anaheim
Sacramento
Sacramento County
San Jose
Silicon Valley
Oakland
Alameda County
Fresno
Central Valley
Long Beach
LA County
Riverside
Riverside County
Ventura County
Oxnard Β· TO
Santa Barbara
SB County
San Bernardino
IE Region
Bakersfield
Kern County
All 58 Counties
Statewide

FAQ

Cyber insurance explained

Cyber insurance covers first-party losses (your direct losses) and third-party liability (claims from others). First-party: ransomware payments and recovery, business interruption from system downtime, data recovery, breach notification, and PR costs. Third-party: customer lawsuits for data breaches, CCPA regulatory fines and defense, PCI-DSS penalties for payment card breaches.

CCPA does not generally require it, but it can create significant liability exposure that makes coverage worth reviewing. CCPA allows individuals to sue businesses for data breaches β€” up to $750 per consumer per incident in statutory damages without needing to prove actual harm. A breach affecting many California consumers can create significant statutory-damages exposure. Cyber insurance covers CCPA breach response, regulatory defense, and settlements.

No. Standard GL and property policies explicitly exclude cyber events. Some older GL policies have ambiguous cyber language, but modern policies contain specific cyber exclusions. Cyber insurance is a standalone policy specifically designed for technology-related risks that GL and property policies don't cover.

Yes. Ransomware and phishing attacks frequently target small and mid-size businesses. Small businesses are often targeted because they have fewer security resources. Any California business that stores customer data, processes payments, or relies on computer systems should review cyber insurance. A ransomware attack that shuts down operations for a week can cost more than a year's worth of cyber insurance premiums.

Most carriers now require: multi-factor authentication (MFA) on email and remote access, offline or immutable backups, endpoint detection and response (EDR) tools, and privileged access management. Missing MFA can limit available markets or materially increase premium at many standard carriers. We review your security posture before placement and match you to carriers appropriate for your controls.

A small California business (under $5M revenue) with basic security controls might pay $800-$2,500/year for $1M in coverage. Mid-size businesses ($5M-$50M revenue) typically pay $2,500-$15,000/year. Healthcare and financial services businesses pay more due to regulatory exposure. Businesses with strong security controls β€” especially MFA and offline backups β€” get significantly better rates.

Cyber insurance covers incidents that happen to your business β€” data breaches, ransomware, business interruption. Tech E&O (errors & omissions) covers claims from failures of technology products or services you provide to clients β€” a software bug, missed deadline, or implementation error that damages a client. Technology companies typically need both, and many carriers offer them as a combined policy.

// cyber_coverage_checklist
Does your policy include all of these?
First-party ransomware coverage
Business interruption from cyber event
Data breach notification costs
Forensic investigation coverage
CCPA regulatory defense & fines
Third-party cyber liability
Social engineering / wire fraud
Tech E&O (if tech company)
Adequate retention period for MDR
// quick_facts
California cyber insurance facts
β€ΊGL and property policies exclude cyber
β€ΊCCPA: $750/consumer/incident exposure
β€ΊMFA required by most carriers
β€ΊSMBs are frequent targets
β€ΊBreach notification: 30 days under CA law
β€ΊRates up 30-50% β€” review before renewal
Protect Your Business

Free cyber insurance review.
Your data won't wait.

We review your security posture, identify coverage gaps, and compare 350+ carriers to find the right cyber policy β€” at the strong available terms for your security controls.

Or call Brian: 310-804-5017