Why Your Business Needs Cyber Insurance

The latest statistics on cybercrime are mind-boggling, if not downright terrifying. According to the Internet Crime Complaint Center, a successful cyberattack occurred every 1.12 seconds in 2020, not including attempted attacks or those that weren’t reported. Nearly 90% of businesses in the U.S. were affected by a successful cyberattack, and nearly 50% of business computers were re-infected in the same year. Ransomware attacks cost an estimated $624 million in 2021.

What makes this all even more alarming is that the cyberthreat landscape is constantly evolving as cyber criminals attempt to stay one step ahead of security controls. With most businesses increasingly dependent on technology, the potential risk is growing exponentially.

Small Businesses are Vulnerable to an Attack
Small businesses are particularly vulnerable because they are less likely than larger companies to have dedicated cybersecurity teams. Also, smaller businesses update their software less frequently. Cyberthieves know this, which is why small businesses are a primary target.

An increasing number of small businesses are becoming aware of their vulnerabilities and, lacking the resources to fully protect themselves, are turning to the financial protection and risk management services available through cyber insurance policies.

Insurance protection against cyberattacks is not only critical to the survival of a small business but also essential for those that provide services to larger enterprises. Because cyberthieves target small companies to bypass large companies’ cyber defenses, smaller service providers are often contractually required to have cyber insurance.

Cyber-Related Risks aren’t Covered by Traditional Insurance
Small businesses are exposed to cyber liability risks beyond cyberattacks, including identity theft, phishing attacks, or data exposed due to employee error or a lost laptop. These digital risks are not covered by traditional liability policies that center on physical risks. Most business owners’ package (BOP) or general liability policies specifically exclude coverage for cyber-related risks (unless it is added to a package policy).

Considering the potential costs of a successful cyberattack, cyber insurance can be a wise investment for any company that stores data, accesses information, or conducts business online.

How Cyber Insurance Coverage Works
Cyber insurance coverage and costs can vary based on a company’s size and industry, but it is typically offered as one of two forms of coverage (which can be packaged together with some insurers).

First-party coverage includes coverage of direct costs incurred as a result of a data breach. Direct costs can include revenue loss, the costs of notifying customers, and upgrading technology. Coverage may also include the cost of investigating an incident, crisis management, and cyber extortion costs.

Third-party coverage includes coverage for legal costs incurred through lawsuits, settlement costs, court-ordered damages, and related expenses.

It is becoming more common for cyber insurance carriers to offer cyber-related loss control services for small businesses. The type of services provided can vary but often include security audits, employee training, and guidance installing or updating security software or virtual private networks to increase remote access security.

With the cost of cyber claims averaging between $15,000 and $25,000 in recovery costs—not including costs associated with the restoration process, legal expenses, reputational damage, and operational downtime of an average of 279 days—most small businesses that rely on technology can’t afford to take on that risk on their own.

Regardless of your company’s size and the type of information you store or process, it’s worth having a discussion with your insurance broker to ensure your risk exposure is minimal.