Hablamos Español Insurance Companies We Work With
Learning Center

Standalone Cyber Insurance vs. Cyber on a Business Owners Policy

By Richard Sweet. Reviewed by Richard Sweet. Updated July 6, 2026.

Already know you need this? Get a quote Compare your coverage →

The cyber coverage on a business owners policy and a standalone cyber policy are not the same thing, and the difference matters most at claim time. A business owners policy often includes a small cyber endorsement, added for little or no visible premium. A standalone cyber policy is a separate contract with its own limit and broader coverage. For a practice that holds patient data or moves money, the endorsement usually will not respond to the loss that actually happens.

What a BOP endorsement gives you

The cyber endorsement on a business owners policy typically provides a small amount of breach response and some liability. For a business with almost no digital footprint, that can be a reasonable start. The problem is that owners read the word cyber on the declarations page and assume full protection, and the endorsement is rarely built for that.

What standalone cyber adds

A standalone policy carries its own limit and covers the pieces an endorsement usually shortchanges: adequate social engineering and funds-transfer fraud, ransomware and recovery, business interruption including dependent outages when a vendor platform goes down, and a real breach-response bench. You can read those coverages in plain language on our cyber insurance overview and the BOP endorsement vs standalone page.

Where the endorsement falls short

The gap shows up in a few predictable places. Social engineering, the spoofed payment that is the most likely loss, is often sublimited or excluded on an endorsement. Business interruption and dependent outages are frequently missing. And the response limit can be exhausted by the forensics, notification, and legal work of a single incident before recovery is even addressed.

How to tell what you have

You do not have to guess. Pull your business owners policy declarations page and look for a cyber or data-compromise endorsement, then read the sublimit next to it and whether social engineering is named. If it is small, sublimited, or absent, that is the gap. If reading the endorsement is not how you want to spend an afternoon, share your policy and we will read the cyber piece for you.

Which one you should carry

For a practice that emails invoices, takes payments, or stores patient records, standalone cyber is usually the real coverage, and the cost is often modest. A business with almost no digital footprint may reasonably rely on the endorsement. We compare both so the decision is informed, not assumed.

Questions to ask your advisor

  • Do I have a cyber endorsement on my business owners policy, and what is its sublimit?
  • Does that endorsement cover social engineering, or exclude it?
  • Would the endorsement’s limit survive the response cost of a single breach?
  • What would a standalone policy add, and what would it cost?
  • Given how my practice moves money and holds data, which coverage actually fits?

Want guidance first? Compare your coverage. Already know what you need? Get a quote.

What many people don't realize

The part that catches owners off guard

  • A cyber endorsement on a business owners policy is usually small and limited.
  • Standalone cyber carries its own limit and broader coverage grants.
  • The gap most often shows up on social engineering and business interruption.
  • Reading your declarations page is the way to know what you have.
The Vantage Point

What we see most often

Most owners see the word cyber on the declarations page and assume they are covered. The endorsement is real, but it usually will not respond to the loss that actually happens. Naming that gap is the single most useful thing we can do here.

Free, two-minute check

See where your coverage stands

Answer a few quick questions and get a clear read on your current coverage in about two minutes. We flag what is worth a closer look.

Compare your coverage
A quick gut check

Where did your current coverage come from?

How you bought your policy shapes whether you are actually getting options. Three situations we see constantly:

A captive agent

If your policy came from an agent who represents one company, they cannot shop the market for you. You are seeing one company's answer, not your options.

Online, on your own

Online portals tend to optimize for the lowest price. That often means important coverages get quietly left out, and you do not find out until a claim.

An independent agent

The right setup, but only if they re-shop and review it. An independent agent who has not reviewed your coverage in years has stopped working for you.

See where you actually stand
When to review

It may be time for a coverage review if:

  • You have a cyber endorsement on your business owners policy
  • You are not sure what your endorsement actually covers
  • You move money by email
  • You hold patient or customer records
Compare your coverage Get a quote
Frequently asked

Frequently asked

What is the difference between BOP cyber and standalone cyber?
A BOP cyber endorsement is a small add-on with a low sublimit and limited coverage. A standalone cyber policy carries its own full limit and broader coverage, including adequate social engineering, ransomware, and business interruption. For any business that moves money or holds data, standalone is usually the real coverage.
Isn't the cyber on my BOP enough?
Usually not. The endorsement often sublimits or excludes social engineering, which is the loss most likely to happen, and can be exhausted by a single breach response. For a practice, standalone coverage is generally the safer choice.
How do I tell what cyber I have?
Pull your business owners policy declarations page and look for a cyber or data-compromise endorsement, then read the sublimit and whether social engineering is named. If you would rather not, we can read it for you.
Is standalone cyber much more expensive?
Often less than owners expect. For a small practice, a standalone one-million-dollar policy can be a few hundred to a couple thousand dollars a year, which is usually the difference between coverage that looks like cyber and coverage that responds like it.
RS
Written and reviewed by

Richard Sweet

Founder and Principal Advisor, Vantage Point Risk

Richard Sweet runs Vantage Point Risk, an independent insurance and risk advisory for property owners, real estate investors, business owners, and families. He works with investors every week on the coverage decisions that decide how a claim actually turns out, and writes the Learning Center to put those decisions in plain language.

Reviewed for accuracy by Richard Sweet. Last updated July 6, 2026.

Richard also writes The Vantage Point, notes on building a better business.

This article is general information, not insurance, legal, or tax advice. Coverage depends on your policy terms, endorsements, carrier underwriting, and the state you are in. For guidance on your specific situation, talk with a licensed advisor.

Compare your coverage

It's not a quote. It's a real review.

Answer a few quick questions and get a clear read in about two minutes. We will flag what is worth a closer look, and you can hand us your current policy if you want us to dig in. No pressure, no obligation.

We review your current coverage for gaps and overlaps
We compare the market to see if you are overpaying
We tell you what is actually worth changing, and what is not
You get clear answers, even when you are already covered well