Cyber insurance is the coverage for what happens when a hacker, scammer, or data breach hits the business. Ransomware locks down your dispatch system. A phishing email gets a fake invoice paid. Customer data leaks. The fleet management portal goes down. Cyber insurance pays the recovery cost, the business interruption, and the legal cleanup.
Most ag trucking operations think they are too small or too low-tech to be a target. Hackers do not pick targets based on size. They pick targets based on opportunity, and a trucking operation running an ELD platform, dispatch software, online banking, payroll software, and email has plenty of opportunity. Small and mid-size businesses are the most common targets because their defenses are usually weakest.
Cyber claims in trucking have gone up significantly. Ransomware attacks shutting down dispatch for days. Fake-invoice scams that wire transfer money to fraudulent accounts. Compromised carrier portals leaking customer load info. The cost runs into the tens or hundreds of thousands fast.
What It Covers
Ransomware recovery
Forensics, ransom negotiation, IT restoration, replacement of compromised systems. Some policies pay the ransom itself within limits. Others focus on recovery without paying.
Business interruption from a cyber event
Lost income while systems are down. If dispatch is shut down for three days and trucks cannot run, business interruption covers the lost revenue.
Data breach response
Notifying affected individuals, providing credit monitoring, legal advice on notification requirements, public relations help. State-specific notification rules can trigger six-figure expenses on a moderate breach.
Funds transfer fraud and social engineering
Wire transfer scams, fake invoices paid, fraudulent ACH transfers. These are the most common cyber claims. Sublimits typically apply, often $100k to $250k.
Cyber extortion
Threats to release stolen data, ransom demands, threats to take down systems. Negotiation costs plus payments to attackers (sometimes).
Regulatory defense
If a state attorney general or federal regulator opens an investigation after a breach, the policy covers defense costs and certain fines.
Third-party liability
If your breach exposes a customer's or shipper's data and they sue, the policy defends and pays settlements.
Reputation harm and PR support
Crisis communication firm, customer outreach, recovery of brand value after a public breach.
What It Does Not Cover
No policy covers everything. Here is what falls outside a standard cyber insurance policy so you know where the gaps are.
Routine IT problems
Server crashes, software bugs, vendor outages that are not caused by an attack. That is operational, not cyber.
Hardware replacement from physical damage
A truck struck by lightning that fries the ELD is a physical damage claim. A hacker locking the ELD is cyber.
Cost to upgrade systems
After a breach, the carrier pays to restore systems to their pre-breach state. Upgrades and improvements are usually on the insured.
Intentional acts by insureds
If an owner or employee causes the breach on purpose, coverage is excluded.
War and state-sponsored attacks
Increasingly common exclusion. State-sponsored attacks attributed to a foreign government are excluded by many policies. War exclusion language is being tightened across the industry.
Bodily injury and property damage
A cyber attack that causes a physical wreck or damage is usually covered by auto or property, not cyber. Cyber focuses on data, systems, and money.
Coverage Limits and Options
$250,000 to $500,000 is a typical entry-level cyber limit for a small ag trucking operation. Enough to handle a moderate ransomware event or a basic data breach.
$1,000,000 is the most common limit for mid-size operations. Covers significant ransomware, multi-party data breaches, and serious wire fraud events.
$2,000,000 to $5,000,000 for larger operations or operations storing significant customer data. Some shipper contracts now require $1 million minimum cyber.
Social engineering sublimit is usually capped separately, often at $100k to $250k. Most wire fraud claims fall under social engineering, and the sublimit matters more than the overall policy limit for that specific exposure.
Business interruption waiting period typically runs 8 to 12 hours. The policy starts paying lost income after the waiting period.
Retention/deductible usually runs $1,000 to $10,000 depending on revenue and prior loss history.
Real Claim Scenarios
Dollar amounts are typical ranges based on industry claim data, not specific cases.
Ransomware locks dispatch and accounting
Phishing email opened by office staff. Ransomware spreads through the network overnight. Dispatch system and accounting system locked. Operation runs paper-based for four days while IT restores from backup. Total cost (forensics, restoration, business interruption) $40k to $150k.
Wire transfer fraud through a fake vendor email
Scammer impersonates a fuel vendor with a "new banking info" email. Office staff updates the vendor record and pays the next invoice to the fraudulent account. $35k gone before the real vendor follows up. Social engineering sublimit handles the loss after the deductible.
Driver PII breach from a stolen office laptop
Laptop with driver records (SSNs, MVRs, drug test results) stolen from a vehicle overnight. State law requires notification of all affected drivers and free credit monitoring. Notification, credit monitoring, and legal advice run $20k to $60k.
Compromised ELD account leaks customer data
Owner's ELD platform password compromised in a third-party data breach. Hacker logs in and downloads load history, customer info, and route data. Notification to shippers and brokers, regulatory review, and potential contract penalties. Total cost $25k to $100k.
Email account takeover
Owner's email account hijacked. Scammer sends invoices to customers asking for payment to a new account. Two customers pay before anyone catches it. Cyber policy covers fraud expenses, notification, and customer goodwill costs. Total $30k to $90k.
What Affects the Cost
Frequently Asked Questions
I am a small operation. Am I really a target?
Yes. Small and mid-size businesses are the most common cyber targets because security is usually weaker. Hackers run automated scans for vulnerable systems and hit whoever responds. Size and industry are not the main factors. Defenses are.
Will my cyber policy pay the ransom if we get hit with ransomware?
It depends on the policy. Some pay ransoms within limits. Others focus on recovery without paying. Federal guidance has gotten stricter about paying ransoms, especially to sanctioned entities. Your policy and a forensics firm work together to decide.
What is multi-factor authentication and why does the carrier care?
MFA is when you sign in with a password plus a code from your phone or an authenticator app. It blocks the vast majority of email and account takeover attacks. Carriers increasingly require MFA on email and on critical business systems before they will write cyber coverage at all.
What is social engineering coverage?
Social engineering covers losses from scams where someone tricks an employee into voluntarily sending money or data. Wire transfer fraud, fake invoices, CEO email scams. It is the most common cyber claim by frequency. Make sure the sublimit matches your typical transaction sizes.
If we get hit, what happens first?
You call the breach hotline number on the policy. The carrier connects you to a forensics firm, breach counsel, and a public relations firm if needed. The first 72 hours matter the most. Having the policy in place means you have a team ready to respond, not just an insurance payout after the fact.
Are my backups enough? Do I still need cyber?
Backups help, but they do not cover business interruption, legal costs, notification expenses, or third-party claims. Backups handle the technical restoration. Cyber handles everything else that comes with a breach.
