Statement Insurance Agency

Cyber Liability Insurance

Also known as: cyber insurance, data breach insurance, cyber risk coverage

You’re not too small to get hacked. The bots genuinely do not care how many employees you have.

Cyber liability is the policy that gets you back on your feet after a data breach, a ransomware lockout, or the email scam that tricks someone into wiring money to a stranger. It pays your own recovery costs — forensics, notifying customers, restoring data, the income you lose while you’re down — and defends you when the people whose data leaked come knocking. The myth worth killing: “we’re too small to be a target.” Attacks are automated and indiscriminate, and a single contractor or property manager can lose a week of work to one bad click. It won’t cover physical damage or your own employees’ theft (that’s crime coverage), and untangling those overlaps is part of what we do.

Reviewed for accuracy by Mark Hutchings, Licensed Insurance Producer (NV #3600994).

Who needs Cyber Liability?

  • You store customer, payment, or employee data — even a few client records on a laptop or in cloud software is enough exposure to matter.
  • You’re a small contractor who figures you’re “too small to be a target” — automated attacks don’t check your headcount, and a single ransomware event can stop a job cold.
  • You manage property or run a real estate firm and hold tenant applications, Social Security numbers, bank details, and lease records.
  • You run a restaurant, bar, or food-and-beverage operation with point-of-sale systems that store customer payment-card data.
  • You wire money, pay vendors, or process invoices electronically — the prime target for funds-transfer fraud and fake-invoice scams.

What it covers

  • Breach response and notification — forensic investigation, legal guidance, notifying affected individuals, and credit-monitoring services, which Nevada and California notification laws may require.
  • Ransomware and cyber extortion — the costs of responding to an extortion demand, including negotiation, specialist help, and (where permitted) ransom payments, subject to policy terms.
  • Data restoration and recovery — the cost to restore, recover, or recreate data and systems damaged or corrupted by a covered cyber event.
  • Business interruption from an outage — the income you lose and the extra expenses you take on while a covered attack or system failure keeps you offline.
  • Third-party liability — defense costs and settlements when customers, vendors, or other parties sue because their data was exposed in your breach.
  • Social-engineering and funds-transfer fraud (add-on) — losses when an employee is tricked into wiring funds or changing payment instructions; usually an optional endorsement with its own sub-limit.

What it doesn’t cover

  • Physical damage to your building, equipment, or inventory — even if a cyber event triggers it; that belongs to your commercial property policy.
  • Theft or fraud committed by your own employees — that’s commercial crime / employee dishonesty coverage (and note the overlap with social-engineering fraud, so the two policies should be coordinated to avoid gaps).
  • Bodily injury or physical harm to a person — that’s your general liability policy.
  • Professional mistakes, bad advice, or failure to deliver services — that’s professional liability / errors & omissions (E&O).
  • Loss of future business value or reputation beyond stated limits — most policies cap intangible and reputational recovery, so read the limits carefully.
  • Upgrades and “betterment” — the cost to improve your systems beyond their pre-breach condition is typically excluded.

Real claim scenarios

Ransomware shuts down a contractor

A Reno general contractor opens a malicious email attachment, and ransomware locks the project-management and accounting systems. Cyber coverage funds the forensic response, negotiation with the attackers, data restoration, and the income lost while crews sit idle waiting for systems to come back online.

Property manager’s tenant data is exposed

A property management firm in California suffers a breach that exposes tenant Social Security numbers and bank details. The policy pays for the forensic investigation, the legally required notifications to affected residents, credit monitoring, and the defense costs when several tenants file claims.

Fake-invoice wire fraud at a restaurant group

An accounts-payable clerk at a multi-location restaurant operator gets a spoofed email that looks like it’s from a regular vendor with “updated” banking details, and wires a large payment to the fraudster. The social-engineering fraud endorsement reimburses the loss, subject to the sub-limit and policy conditions.

Scenarios are illustrative; actual coverage depends on your policy terms.

How it’s priced

Cyber premiums come down to how much sensitive data you handle, how exposed you are to attack, and how strong your security controls are. Carriers increasingly want to see basic safeguards — like multi-factor authentication and data backups — before they’ll quote, and good controls can meaningfully lower your premium. Figures vary widely by business and carrier, so treat any number as a general range, not a quote.

  • Records and data type — the volume and sensitivity of the records you store (payment-card, health, and Social Security numbers all raise the risk).
  • Revenue and industry — higher revenue and higher-risk sectors (retail, food service, anyone taking card payments) generally cost more.
  • Security controls — multi-factor authentication, endpoint protection, encryption, and tested backups can lower your premium and are often mandatory.
  • Limits, sub-limits, and deductible (retention) — higher limits cost more, and the retention you accept brings your premium down.
  • Coverage scope — adding social-engineering fraud, funds-transfer fraud, or higher business-interruption limits raises the cost.
  • Claims and incident history — prior breaches or claims can push up your rate or restrict the coverage available to you.

What to watch out for

  • Social-engineering fraud is usually a separate add-on with a low sub-limit — confirm it’s included and that the limit is adequate, since it’s one of the most common losses we see.
  • Security warranties and conditions — if your application says you use MFA or backups and you don’t, a carrier may deny a claim; answer truthfully and keep those controls in place.
  • The crime/cyber overlap — funds-transfer fraud can fall between your cyber and commercial crime policies, so coordinate the two to keep a loss from being denied by each carrier pointing at the other.
  • Sub-limits and waiting periods — business-interruption coverage often has a waiting period (an hours-based deductible) and a sub-limit lower than your overall policy limit.
  • NV and CA notification obligations — both states require notifying affected residents after certain breaches, so make sure your breach-response coverage and limits realistically cover that effort.

Cyber Liability FAQs

The cost varies by your revenue, the type and volume of data you handle, your security controls, and the limits you choose. Small businesses often see premiums in the low four figures annually, but high-risk operations or larger limits cost more. The only reliable number is a quote based on your actual exposure, and we’re happy to help you get one.

Get Cyber Liability coverage that fits

We’ll match your limits and endorsements to what your contracts actually require — across Nevada & California.