One of the biggest drivers of cyber liability insurance sales is hearing that another business has been attacked. This is understandable, especially when these hacks hit close to home – for example, someone we know or a similar business. What if the next business that becomes the example is yours? It just as easily could be.
The Threat Is Real
Large scale data breaches where individuals’ PII (Personally Identifiable Information) is compromised are the ones we tend to hear about most often. Huge cyber-attacks like WannaCry and Petya in 2017 also get media coverage because of their sheer magnitude. What we are less likely to hear about are the smaller hacks and breaches, such as those that involve social engineering or ransomware.
The statistics vary across studies and industries, but generally half to two-thirds of small businesses report that they have been hacked or detected an attempted attack. The damage can be devastating, but compared to that of large corporations, each individual incident likely doesn’t warrant national attention. The result is that many business owners take an “it can’t happen to me” stance, which is naïve at best.
What’s At Stake?
Small businesses need to understand the impact a cyber incident can have on their company. The costs around breach management can be considerable and include such expenses as:
- Notification to customers/clients
- Customer/client protection, such as credit monitoring
- Regulatory fines
- Attorney’s fees
- Forensic investigations
- Improvements to technology infrastructure
Other expenses are harder to predict and harder to quantify, leading to an even greater chance that an organization cannot survive an incident. These often overlooked or less anticipated costs include:
- Damage to reputation
- Downtime and interruption to business
- Lost revenue and devaluation of trade name
- Increases in insurance premiums
Between the added expenses and the increased difficulty of retaining and attracting clients, many small businesses don’t stand a chance after an attack.
The Role of Cyber Liability Insurance
Incorporating financial protection into your plan is essential. But if you wait until you’ve already had an incident, it’s too late.
Carriers want to know that you’ve addressed risk, taken precautions, implemented best practice standards, and have a detection and response plan. If your business has been successfully hacked, an insurer will deem you to be a larger risk. This isn’t unusual methodology: those who have been involved in auto accidents tend to be viewed as riskier, and their premiums are higher as a result.
Every day that you don’t have a plan in place to detect threats and respond to them quickly, you are at risk and insurers know this. Businesses who have prepared stand a better chance of avoiding an attack in the first place. To again liken it to something we can relate to, cars with better safety features and alarm systems are less costly to insure than those without such elements, everything else being equal.
This Isn’t Going Away
You can’t bury your head in the sand. Cyber-attacks are on the rise and no business is immune. Preparing now, long before the need arises, can be just the thing that keeps you in business when others are shutting their doors.
All insurance policies are different. Be sure to review your insurance policy for specific information about coverages available to you. Nothing in this post is meant to suggest a guarantee of coverage.