ZDNews notes that “the price of the [cyberinsurance] policies vary widely, from a couple of thousand dollars for a small business policy to as much as $1 million per $25 million worth of coverage.” However, more than price alone needs to be considered. Most policies exclude as much if not more than they include, requiring careful attention to what is and is not covered. More importantly, before writing a policy, insurers require a complete assessment of existing information security practices, as well as implementation of new, expensive security practices (i.e. intrusion detection systems and penetration testing) to insure that significant steps are being taken by the applicant to protect information assets from hackers. The cost of these requirements alone put many insurance policies out of reach for most.