Does your small business have a cyber threat contingency plan?
You read about the Equifax breach that dominated headlines last July. You diligently checked your bank accounts when seven million small business accounts were compromised by an attack on JPMorgan Chase. You even changed all of your passwords when 3 billion Yahoo accounts were compromised in 2013.
These are the cybersecurity stories that dominate the headlines, but they are not necessarily the ones you need to be the most worried about if you’re a small business owner.
In 2018, nearly 70% of small and medium sized businesses reported being the victim of a cyber attack. Meanwhile, only about 20% of these businesses have some form of cyber liability insurance policy to protect themselves in the event of one of these attacks.
As is the case with all insurance policies, you hope you’ll never have to use it. However, if you ever do need it, a cyber liability policy can mean the difference between the life and death of your business.
The Cyber Threat Landscape
Hacks that target large companies get the most attention, but the reality is that small businesses are at greater risk. This is for the simple, obvious fact that these companies have fewer resources to dedicate to monitoring and defense. A survey conducted by Nationwide found that 57% of small to medium sized businesses do not have an employee or vendor dedicated to monitoring for cyberattacks.
It’s also not just the cliche "hacker in the basement wearing a grey hoodie" that businesses need to fear; cyber threats come in many shapes and sizes. Malware and viruses from phishing emails are part of it, but disgruntled employees, lost or stolen computers or cellphones, and simple employee error are all important risk factors that every business encounters in its daily operation.
In fact, negligent employees or contractors caused most data breaches experienced by small to medium-sized businesses (SMBs). Almost one-third of companies, however, couldn’t even determine the root cause.
The truth is that cyber threats are an inherent part of doing business in 2019. So why do so many businesses make little effort to understand and prevent them?
You don’t need to become an expert in the subject in order to put a plan into place to protect yourself. The right insurance broker will sit down with you and explain your risks and the realities of what a cyber liability policy can accomplish.
What’s at Stake?
If you’re still not convinced of the importance of a cyber liability policy, let’s walk through some of the outcomes for companies that fall victim to these incidents.
There are legal requirements that you investigate a breach of cybersecurity and notify affected customers or clients promptly. Fines and penalties for negligent security practices or mishandling of a cyber incident can cost thousands of dollars, depending on the state your business is in.
You are then also at risk of legal action by anyone who feels you were careless or irresponsible with their sensitive personal information.
In the United States, the average cost of a cybersecurity incident for the absolute smallest of organizations is around $35,000. For small businesses that don’t have the widest profit margin, these losses can be devastating. As much as 60% of hacked small businesses go out of business within 6 months of an attack.
Needless to say, there’s a lot to lose.
Many small business owners cite cost as the reason for not having a solid plan in place for a cyber attack. The numbers seem to say that the cost is worth it. Allocating money toward a cyber liability policy in advance can save your business from the ruinous effects of being unprepared should your company ever be targeted in an attack.
Factors to Consider in a Cyber Liability Policy
Most cyber liability policies will be a combination of first party coverage for you and your business, and third party coverage for your defense against any claims against you.
Here are some factors to consider when shopping for a cyber liability policy.
Cost of notifying your customers, clients, or anyone else whose data has been affected by the breach, including possible credit monitoring expenses.
Coverage for business interruption due to a cyber attack, which might not be covered by your business owner’s policy. Your business could be down for days or weeks after an attack.
Extortion cost in the event of a ransomware attack.
PR and crisis management services that allow you to manage the narrative of the breach and your company’s image in the aftermath.
Regulatory fines or penalties if determined to be negligence.
Coverage in the event that an employee of yours introduces a virus into someone else’s network.
Defense against lawsuits against you related to the breach.
Depending on your type of business, there are many factors at play. Don’t get caught off-guard and leave your business open to the risk of a cyber attack.
To discuss a new cyber liability policy or set up a review of your existing policy, call SDL Insurance Solutions at 224-241-8646 or submit a request on our website.
Comments