by Granville Triumph
Many smaller businesses believe they are generally safe from cyberattacks because hackers are looking for a bigger score. According to a recent CNBC survey, 56 percent of small business owners in America say they aren’t concerned about cyber threats, and 59 percent say they are confident they could quickly resolve any attack that might occur.
That’s wishful thinking. According to the National Cyber Security Alliance (NCSA), small to midsized businesses (SMBs) are in fact the No. 1 target of all cyberattacks. Furthermore, the NCSA finds that 60 percent of SMBs that are hacked go out of business within six months.
Malicious actors target SMBs because they know smaller organizations often lack the budget for advanced security tools and the expertise to take full advantage of them. In a study by Small Business Trends, just 14 percent of SMBs rated their ability to mitigate cyber risk as highly effective.
Given the risk, SMB owners should strongly consider investing in cyber insurance. While it won’t supplant strong security measures, it can limit the financial damage from an incident and help organizations keep their doors open.
Very often, SMBs assume that damages resulting from a cyberattack will be covered by their general liability (GL) policy. That’s almost never the case, although a few GL policies may offer partial coverage.
A well-crafted cyber insurance policy will typically feature the following coverages:
- The cost to hire computer forensics specialists to investigate the source of the attack, the vulnerabilities that were exploited, and the data that may have been stolen or exposed.
- The cost to recover from the loss, corruption or destruction of valuable data assets.
- Loss of income due to the temporary shutdown of a business because of an attack, or any limits on its ability to conduct business.
- Any attorney fees and costs, lawsuit settlements, court judgments and other costs associated with a cyberattack that causes financial harm to customers, partners or other third parties. This could involve the exposure of personal information or the unintentional transmission of a computer virus to another party.
- The individual liability faced by a company’s officers, directors and other key decision-makers who are acting on behalf of the company.
- The cost of notifying consumers of a data breach resulting in the release of their personal information, and providing them with credit monitoring services.
- The cost of retaining a public relations firm or launching an advertising campaign to rebuild a company’s reputation.
Many policies also cover ransom payments and other extortion-related costs, but most require prior notice. Organizations should also consider government regulations prohibiting ransomware payments.
Of course, cyber insurance doesn’t relieve you of the responsibility to invest in robust security measures. In fact, most insurers will evaluate your security and threat mitigation capabilities when setting policy rates. Most want to see that their customers have a robust backup environment, strong access controls, a formal incident response plan and security awareness training programs for employees.
With threats becoming increasingly sophisticated and dangerous, SMBs must maintain a strong security posture. While that will involve a variety of hardware and software tools, it should also include a cyber insurance policy to minimize your financial risk.