All businesses need to have some types of insurance to protect them. Workers’ compensation insurance is required by law in many areas, and product liability and general liability insurance are musts to protect the integrity of your company.

Now there’s a new type of insurance emerging, and it’s seemingly growing in importance: cyber insurance. Meant to protect companies and entrepreneurs against hacks, data breaches, and online threats, cyber insurance is a safety net for modern, data-centric businesses.

But is it really worth the money? And should your business have it?

What Is Cyber Insurance?

Let’s start by defining exactly what cyber insurance is and how it can be used. In general, cyber insurance is designed to protect businesses against most types of cyber threats, including any financial damages or losses that arise from those threats.

While policies will vary based on providers and client needs, these are some of the most reliable hallmarks of your average cyber insurance policy:

  • Data recovery. If your business’s data is corrupted or damaged, your cyber insurance policy may be able to compensate you for the costs of recovering it. This might include forensic data recovery, or other strategies meant to repair or retrieve lost records. It may also include the costs necessary to re-gather information.
  • Damage compensation. You’ll probably be compensated for whatever damage the data breach does to the business. For example, if you lose a piece of hardware to a cyberattack, your cyber insurance policy will likely cover the costs of a new model.
  • Defense costs. Cyberattacks can be even costlier if your customers decide to take legal action against your business. Most cyber insurance policies will pay for some or all of your defense costs as you attempt to make things right.
  • Business disruption. While you’re sorting out the hack or data breach, you won’t be able to dedicate the same time or resources you once did to the core business. Some cyber insurance policies also have a business disruption or interruption clause that can compensate you for some of the work you’d miss out on during this time.

How Much Does It Cost?

The costs for a cyber insurance policy vary based on several variables, including:

  • The size of your business (and managed assets). The bigger your business is, and the more data you have to protect, the more you’re going to pay for a cyber insurance policy.
  • Your risk factors. Some businesses have more risk factors than others. You might be in an industry that’s a common target for cybercriminals, or you might have more points of a vulnerability than other businesses. These will cost you more.
  • Your current level of cyber If you already have a good IT team, and solid security measures in place, you’ll probably get a discount on your policy.
  • The comprehensiveness of the policy. Of course, the nature of your policy will also factor into how much you pay; the more clauses and features you have, the more you’re going to spend.

Some large firms, such as those with up to $500 million in client assets, might pay $5,100 per year as a premium. Other small businesses with more basic policies might pay less than $1,000.

The Typical “Hack”

So is cyber insurance really necessary, or worth the money? Let’s take a look at the numbers. You can look at the biggest hacks to get a gauge for how expensive a cyber vulnerability can be; the total cost of the Equifax breach is estimated to be more than $600 million, though costs continue to climb. But even small-scale hacks can be costly. Cyberattacks cost businesses somewhere between $84,000 and $148,000. You might be able to swing those costs, but keep in mind that 60 percent of small businesses go under within six months of an attack. By comparison, even a pricey premium seems reasonable.

Your Risks

You should also consider what specific risk factors your business faces. Small businesses, for example, are especially vulnerable to attacks; not only do 36 percent of all hacks target small businesses, 83 percent of small businesses currently have no formal cybersecurity plan. Some industries, like the healthcare industry, are higher-value targets for hackers as well as offering a higher volume of available data. The catch-22 is that the more vulnerable your business is, the more you’ll need cyber insurance—but the more expensive it will be as well.

Is It Worth It?

So is cyber insurance worth it? That depends on the nature of your business, and how well-protected you are against a potential cyber threat. However, the prevalence and power of cyberattacks are increasing, so cyber insurance is becoming more important for business owners. And for most companies, this simple insurance policy is worth it.