Your data is under attack.
Cyber insurance is your last line of defense.
Data breach, ransomware, CCPA liability, and business interruption coverage for California businesses. Standard GL and property policies often exclude cyber events β cyber coverage is designed for these gaps.
Coverage Components
Everything a cyber policy
should cover
A complete cyber policy covers your own losses (first-party) and claims from others (third-party). Here's what each component does.
Ransomware Response
Covers ransom payments, decryption specialist fees, system restoration, and business interruption while systems are locked. Ransomware events can create six- or seven-figure recovery costs.
Data Breach Response
Covers forensic investigation to identify the breach, breach notification to affected individuals (required by California law), credit monitoring for affected parties, and public relations costs.
Business Interruption
Covers lost income and ongoing expenses when a cyber event forces system downtime. A ransomware attack that shuts down operations for 5 days can cost more than the ransom itself.
Cyber Liability
Covers customer lawsuits when their personal data is compromised by a breach you suffer. Under California's CCPA, affected individuals can sue for up to $750 per consumer per incident.
Regulatory Defense & Fines
Can help with CCPA-related regulatory investigations, defense costs, and certain covered penalties where insurable by law and policy terms. Also covers PCI-DSS fines for payment card breaches.
Technology E&O (Tech Companies)
Technology errors & omissions covers claims from failures of technology products or services you provide to others β a software bug, system outage, or implementation failure that damages a client.
CCPA can create significant
cyber liability exposure
California's Consumer Privacy Act gives individuals the right to sue businesses directly for data breaches β creating liability exposure most California businesses have never quantified.
Who CCPA May Apply To
Businesses that collect personal information from California consumers and meet current CCPA/CPRA applicability thresholds. These thresholds and definitions should be reviewed with legal counsel because they can change.
Private Right of Action
Unlike most privacy laws, CCPA can give individuals a private right of action for certain breaches involving nonencrypted and nonredacted personal information. Statutory damages are commonly described as $100-$750 per consumer per incident, or actual damages, subject to current law.
What Cyber Insurance Covers
CCPA-related breach response costs, regulatory defense and investigation, class action defense and settlements, and the forensic investigation required to determine breach scope.
CPPA Enforcement
The California Privacy Protection Agency can investigate CCPA violations. Cyber insurance may help with regulatory defense and certain covered penalties where allowed by law and policy wording.
Coverage Explorer
Explore each coverage type β in depth
By Industry
Cyber risk for your specific industry
Every industry has different cyber exposures, regulatory requirements, and coverage priorities.
Security controls that
insurers require
Cyber insurers now actively assess your security posture. Missing key controls can result in coverage denial or much higher premiums.
Multi-Factor Authentication (MFA)
Required on email, remote access (VPN), and privileged accounts. A key underwriting requirement β missing MFA can limit available markets or materially increase premium.
Offline / Immutable Backups
Backups not connected to the main network. Ransomware encrypts connected backups. Offline backups are what actually restores your systems.
Endpoint Detection & Response (EDR)
Advanced endpoint security that detects threats in real time. Basic antivirus is no longer sufficient β carriers want EDR or MDR.
Privileged Access Management
Controls on admin and privileged accounts. Attackers target these accounts first β limiting their access limits blast radius of a breach.
Employee Security Awareness Training
Phishing is the #1 entry point for attacks. Regular training reduces phishing click rates and improves incident response.
Incident Response Plan
A documented plan for responding to a cyber incident. Carriers want to know you won't waste precious hours figuring out who to call.
Coverage Gap
What your existing policies
don't cover β and cyber does
| Cyber Event / Loss | GL Policy | Property Policy | Cyber Insurance |
|---|---|---|---|
| Ransomware payment & recovery | Excluded | Excluded | β Covered |
| Business interruption from system outage | Excluded | Excluded | β Covered |
| Data breach notification costs | Excluded | Excluded | β Covered |
| Customer lawsuits for data breach (CCPA) | Excluded | Excluded | β Covered |
| Regulatory fines β CCPA / CPPA | Excluded | Excluded | β Covered |
| Forensic investigation costs | Excluded | Excluded | β Covered |
| Wire fraud / social engineering loss | Excluded | Excluded | Add-on endorsement |
| Physical damage to servers from power surge | Excluded | β Equipment breakdown | Some policies include |
Serving All of California
Cyber insurance for every California business
We serve California businesses statewide β from solo professionals to enterprise operations.
FAQ
Cyber insurance explained
Cyber insurance covers first-party losses (your direct losses) and third-party liability (claims from others). First-party: ransomware payments and recovery, business interruption from system downtime, data recovery, breach notification, and PR costs. Third-party: customer lawsuits for data breaches, CCPA regulatory fines and defense, PCI-DSS penalties for payment card breaches.
CCPA does not generally require it, but it can create significant liability exposure that makes coverage worth reviewing. CCPA allows individuals to sue businesses for data breaches β up to $750 per consumer per incident in statutory damages without needing to prove actual harm. A breach affecting many California consumers can create significant statutory-damages exposure. Cyber insurance covers CCPA breach response, regulatory defense, and settlements.
No. Standard GL and property policies explicitly exclude cyber events. Some older GL policies have ambiguous cyber language, but modern policies contain specific cyber exclusions. Cyber insurance is a standalone policy specifically designed for technology-related risks that GL and property policies don't cover.
Yes. Ransomware and phishing attacks frequently target small and mid-size businesses. Small businesses are often targeted because they have fewer security resources. Any California business that stores customer data, processes payments, or relies on computer systems should review cyber insurance. A ransomware attack that shuts down operations for a week can cost more than a year's worth of cyber insurance premiums.
Most carriers now require: multi-factor authentication (MFA) on email and remote access, offline or immutable backups, endpoint detection and response (EDR) tools, and privileged access management. Missing MFA can limit available markets or materially increase premium at many standard carriers. We review your security posture before placement and match you to carriers appropriate for your controls.
A small California business (under $5M revenue) with basic security controls might pay $800-$2,500/year for $1M in coverage. Mid-size businesses ($5M-$50M revenue) typically pay $2,500-$15,000/year. Healthcare and financial services businesses pay more due to regulatory exposure. Businesses with strong security controls β especially MFA and offline backups β get significantly better rates.
Cyber insurance covers incidents that happen to your business β data breaches, ransomware, business interruption. Tech E&O (errors & omissions) covers claims from failures of technology products or services you provide to clients β a software bug, missed deadline, or implementation error that damages a client. Technology companies typically need both, and many carriers offer them as a combined policy.
Free cyber insurance review.
Your data won't wait.
We review your security posture, identify coverage gaps, and compare 350+ carriers to find the right cyber policy β at the strong available terms for your security controls.