Cyber Insurance Premium Estimator
Estimate your organization's annual cyber insurance premium based on revenue, industry risk profile, data sensitivity, security posture, and claims history.
Your organization's total annual revenue in US dollars.
Industries handling sensitive data or critical infrastructure carry higher premiums.
Total PII, PHI, PCI, or other sensitive records stored or processed.
Maximum payout limit per policy period (e.g. $1M, $5M, $10M).
Self-assessed score: MFA, encryption, EDR, patching, backups, training, IR plan, etc.
Prior claims significantly increase premiums due to elevated risk profile.
Higher deductibles reduce premiums. Typical range: $5,000–$100,000.
Formula & Methodology
Annual Premium = Base Rate × Coverage Factor × Records Factor × Industry Multiplier × Security Multiplier × Claims Multiplier × Deductible Credit
- Base Rate = max(Revenue × 0.001, $500) — approximately 0.10% of annual revenue, floored at $500.
- Coverage Factor = (Coverage Limit / $1,000,000)^0.65 — non-linear scaling reflecting that larger limits are not proportionally more expensive due to loss probability distributions.
- Records Factor = 1 + (Records / 1,000,000) × 0.5 — each additional million sensitive records adds 50% to the exposure component.
- Industry Multiplier = 0.8 (Low Risk) to 2.0 (Critical Risk) — reflects sector-specific breach frequency and severity data.
- Security Multiplier = 1.5 − (Score / 100), clamped [0.40, 1.60] — a score of 100 yields a 60% discount; a score of 0 yields a 60% loading.
- Claims Multiplier = 1.0 (no claims) to 2.0 (3+ claims) — prior losses are the strongest predictor of future losses.
- Deductible Credit = 1 − min(Deductible / Coverage, 0.40) — higher self-retention reduces insurer exposure, capped at 40% credit.
- Rate-on-Line (ROL) = Premium / Coverage × 100 — typical cyber ROL ranges from 1%–15% depending on risk profile.
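The formula above, written out as an added Python example (not the calculator's own code), with each factor kept separate so the effect of a change in security score can be read off. The industry and claims multipliers are taken as inputs because the page gives only their end points; the field names and the sample profile are constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Profile:                 # field names are this example's own
    revenue: float             # annual revenue, USD
    coverage: float            # coverage limit, USD
    records: int               # sensitive records stored or processed
    industry_mult: float       # 0.8 (low risk) .. 2.0 (critical risk)
    security_score: float      # self-assessed, 0..100
    claims_mult: float         # 1.0 (no claims) .. 2.0 (3+ claims)
    deductible: float          # USD

def factors(p: Profile) -> dict:
    """Each term of the page's formula, kept separate so the drivers are visible."""
    if p.coverage <= 0 or p.revenue < 0 or p.records < 0 or p.deductible < 0:
        raise ValueError("amounts must be non-negative and coverage positive")
    if not (0.8 <= p.industry_mult <= 2.0 and 1.0 <= p.claims_mult <= 2.0):
        raise ValueError("multiplier outside the range the page states")
    if not 0 <= p.security_score <= 100:
        raise ValueError("security score must be 0..100")
    return {
        "base_rate": max(p.revenue * 0.001, 500.0),            # floored at $500
        "coverage": (p.coverage / 1_000_000) ** 0.65,
        "records": 1 + (p.records / 1_000_000) * 0.5,
        "industry": p.industry_mult,
        "security": min(max(1.5 - p.security_score / 100, 0.40), 1.60),
        "claims": p.claims_mult,
        "deductible_credit": 1 - min(p.deductible / p.coverage, 0.40),
    }

def annual_premium(p: Profile) -> float:
    premium = 1.0
    for value in factors(p).values():
        premium *= value
    return premium

def rate_on_line(p: Profile) -> float:
    return annual_premium(p) / p.coverage * 100

def saving_from_score(p: Profile, new_score: float) -> float:
    """Premium reduction if only the security score changes to new_score."""
    return annual_premium(p) - annual_premium(replace(p, security_score=new_score))

# Constructed sample: $10M revenue, $1M limit, 500k records, score 50.
SAMPLE = Profile(10_000_000, 1_000_000, 500_000, 1.2, 50, 1.0, 25_000)

if __name__ == "__main__":
    print(f"premium ${annual_premium(SAMPLE):,.2f}, ROL {rate_on_line(SAMPLE):.2f}%")
    print(f"saving at score 80: ${saving_from_score(SAMPLE, 80):,.2f}")
```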
Assumptions & References
- Base rate of 0.10% of revenue is consistent with SME cyber market pricing benchmarks (Marsh, Woodruff Sawyer, 2023–2024 Cyber Market Reports).
- Coverage factor exponent of 0.65 reflects actuarial practice of sub-linear limit scaling (ISO/ILF methodology).
- Industry multipliers derived from IBM Cost of a Data Breach Report 2023 and Verizon DBIR 2023 sector breach frequency data.
- Security controls scoring framework aligned with CIS Controls v8 and NIST CSF maturity levels; MFA alone can reduce breach risk by ~80% (Microsoft Security Intelligence Report).
- Claims loading factors consistent with standard cyber underwriting guidelines (Munich Re, Swiss Re Cyber Underwriting Guidelines).
- Deductible credit capped at 40% per standard market practice; very high retentions beyond 40% of limit are unusual and require separate negotiation.
- Model assumes first-party and third-party coverage (data breach response, business interruption, liability, regulatory defense) in a single combined limit.
- Does not account for: specific policy exclusions, war/nation-state exclusions, ransomware sub-limits, geographic exposure, or individual underwriter appetite.
- Premiums below $500/year are floored as most insurers have minimum premium thresholds.
- This tool is for educational and planning purposes only and does not constitute an insurance quote or offer.