What is cyber insurance recommended by the government? - Explanation of coverage, damage cases, and how insurance premiums are determined -

As society becomes more digitalized through the advancement of IoT/cashless technology and the spread of telework/web conferencing, cyberattacks targeting customer and technical information held by companies are on the rise. These methods are becoming more sophisticated in line with changes in the digital environment, and companies are currently required to implement continuous information security measures.

On the other hand, according to a survey by the Japan Policy finance Public Treasury*, the majority of companies say that they are "lagging behind" or "slightly behind" compared to other companies in the same industry regarding the current state of security measures in their companies. In addition, there seem to be several issues and obstacles as reasons for the lack of progress in countermeasures, such as "lack of funds", "lack of understanding by management", and "lack of manpower" in the same survey.
*February 2022 "Monthly Survey Report" Japan Policy finance Public Treasury

As an effective measure when it takes time to implement security measures due to these issues, the "Guidelines for the Construction and Operation of E-commerce Sites" published by the IPA (Information Technology Promotion Agency), the IT policy implementation body of Ministry of Economy, Trade and Industry, states that in the unlikely event that an e-commerce site is damaged by a cyber attack, it is a "first aid" to purchase "cyber insurance" It is recommended as.
* "EC Site Construction and Operation Guidelines"

In this article, we will explain how such "cyber insurance" works, its benefits, and what kind of business operators should introduce it.

1. What is cyber insurance? What kind of risk is the insurance covered?

Cyber insurance is one of the defense measures against cybersecurity risks, and it is insurance that covers the risk of financial loss of a company due to information leakage and cyber attacks.

Cyber insurance mainly covers the following three types of risks:

1. Compensation for Damages
Risk of loss due to legal damages, legal costs, etc. incurred due to information leakage or system outage due to cyber attacks.

2. Cost damage
Risk of loss such as the cost of investigating the cause and scope of the cause and damage caused by information leakage or cyberattack, call center installation cost, legal consultation fee, and sympathy money

3. Loss of Profits
Risk of loss due to business suspension, loss of profits, etc. due to the suspension of IT equipment that constitutes the company's network through a cyber attack

The timing of the occurrence of the above loss risk between the occurrence of the accident and the end of the accident is shown as follows.

2. Examples of cyber incidents

In order to have a specific understanding of the three types of risks mentioned above,
In this section, we will introduce examples of accidents published by the Japan General Insurance Association and their estimated damage. *The following are examples of cyber incidents and do not indicate insurance payments.

■Example 1) In the case of manufacturing company A (50 employees, annual sales of 1 billion yen)
The subcontractor was hit by a ransomware attack, and about 10,000 customer information of Company A was leaked.

Estimated damage: 10.5 million yen

Cost damage
Media correspondence consultation fee 1,500,000 yen
Customer service fee (apology letter, call center installation cost) 8 million yen
Litigation costs 1 million yen

■Example 2) In the case of retail company B (10 employees, annual sales of 300 million yen)
Unauthorized access to a shopping site leaked the information of 10,000 members. The site was closed for six months.

Estimated damage: 94.5 million yen

Compensation for Damages
Damages and litigation costs 36 million yen

Loss of Profits
Lost profit 30 million yen

Cost damage
Accident cause investigation cost 3 million yen
Customer service expenses (apology, call center installation costs) 17 million yen
EC site reconstruction cost 8 million yen
Legal consultation 500,000 yen

These figures fluctuate depending on various factors such as the amount and content of leaked information, but if the same amount of damage could occur, it should not be taken lightly.

3. Benefits of having cyber insurance

When purchasing cyber insurance to protect against the risks mentioned above, subscribers can enjoy the following benefits:

・Covers damages caused by cyberattacks, etc.
It is possible to cover various damages caused by cyber attacks and employee negligence with insurance money.　　　*Some damages are not covered, so please consult your insurance company/insurance agent for details.

・Early resumption in the event of business suspension
In the event of a cyberattack or breach, payment will take action, such as suspending functionality or temporarily shutting down the site. In that case, the resumption will not be allowed until the cause of the spill has been identified, first aid, and countermeasures have been implemented, so it is necessary to make a decision on the contribution of various expenses as soon as the accident occurs. By utilizing cyber insurance, you can indirectly support these decisions and implementation.

4. How is the premium for cyber insurance determined?

In general, the cost of cyber insurance depends on the following factors:

・Sales
・Industry
・Compensation details
・Security measures
・Whether there have been past accidents (information leaks, cyberattacks, etc.)

Insurance companies have different methods of calculating premiums, and it is common to make decisions based on various factors such as insurance payment limits, compensation plans, and the company's business content.

In essence, it's not just about cyber insurance, it's about preventing cyberattacks through security measures.
However, for companies that have barriers to countermeasures (such as lack of funds, lack of understanding of management, lack of manpower, etc.), transferring cybersecurity risks to insurance is a feasible measure in the short term.

GMO Payment Gateway offers a wide range of security solutions that support cyber insurance and other security measures.

We will help you improve your security system and sales by making proposals tailored to the characteristics of each business. Please feel free to contact us.

Approval Number: B25-100267
Approval date: July 2025