Small businesses are accustomed to many of the standard risks involved in their daily operations, including property damage and injuries, but as organizations continue to rely more on technology to conduct business, there are additional exposures that business owners and leaders need to be aware of. Activities including storing customer information, billing, and marketing can expose businesses to cybercriminals looking to acquire company and customer data.
Why Businesses Need Cyber Insurance
Most business owners feel that their business is too small to be targeted by cybercriminals, but actually small businesses are the number one target for criminals and make up a significant portion of data breaches each year. Cybercriminals know small businesses are less sophisticated regarding technology and have fewer technical protections than larger businesses, making them an easier, less complicated target. According to the Identity Theft Resource Center, nearly three out of every five businesses have reported that their data has been compromised by a data breach.
Many of these security breaches have caused business owners headaches and sleepless nights, as well as significant fines and legal fees. Not only can a cybercriminal delete, damage, or hold information for ransom, but they often target the personal information of employees and customers. This includes information such as names, addresses, credit card information, social security numbers, health information, and other private data.
Most companies tend to focus on their core business and forget the extent to which they rely on technology for their business. For example, a tree service organization probably has customer information such as home addresses, phone numbers, email addresses, and payment card information about their customers. Cyber criminals can easily use this information for identity theft, which is why the loss of this type of data often results in both regulatory and legal action against the company.
To protect against these cyber risks, many businesses add cyber insurance to their insurance policies. While a business’s general liability insurance offers medical and property damage related to its products and operations, cyber insurance is needed for the technology and data loss risks the business faces.
What Cyber Insurance Covers
Cyber insurance helps protect businesses from financial losses that result from technology risks, such as cyberattacks. This includes investigations into potential data loss and lawsuits following an attack. It is becoming increasingly common for criminals to lock a business out of its own data and demand a ransom to unlock or recover the files. Cyber liability insurance helps businesses recover both the lost files and income lost.
The types of exposures that cyber liability insurance can help to cover are:
- Ransom paid to recover or unencrypt locked files
- Expenses to notify those whose information was compromised
- Restoration or re-creation of lost data
- Identity theft protection services for customers or employees whose data was compromised
- Lawsuits that result from the data compromise
- Regulatory fines that may result from the cyber incident
- A forensic analysis to review the extent of the data compromise
- Lost business income caused by a technology-related outage
For example, an arborist company might use their website to allow customers to book appointments and make payments. If the website is hacked and held for ransom, a cyber insurance policy would cover the extortion, data loss, loss of income due to the business disruption, and more.
Does my business need Cyber Insurance?
Here are a few things you should ask yourself when considering whether cyber liability insurance would benefit your business:
- Does the business collect, store, send, or receive personal or private information such as email addresses, credit card numbers, social security numbers, or other private information?
- Are there regulatory or industry rules or guidelines related to customer information the business has to follow?
- Is the business prepared if it suddenly loses access to all its data or computer systems?
- Is the business prepared to defend itself against unexpected regulatory fines or lawsuits?
If the answer to any of these questions is “yes”, the business could benefit from the added protection of cyber insurance. Sometimes it’s hard for business owners to step away from the work they conduct on a day-to-day basis to understand how some of these issues might apply. For example, a landscaping or arborist company might not understand the regulatory rules or guidelines associated with storing customers’ credit card numbers.
It is also critical for protecting the survival of your business. According to the National Cyber Security Alliance, 60 percent of companies go out of business within six months of falling victim to a data breach due to the costs, time and other resources involved.
Protection Against the Latest Cyber Threats
Cybercriminals are regularly changing their tactics, and cyber insurance helps protect against some of the most common and emerging cyber threats.
This is the single biggest cybersecurity threat to small businesses. Rather than delete your information, attackers want to make the data work for them. They more frequently prefer to lock or encrypt your data and make you pay to decrypt or unlock it. Additionally, they may threaten to release the private data they accessed. Cyber insurance covers the cost of responding to these extortion threats, as well as data restoration or recreation costs – even public relations costs from dealing with the incident.
Cybercriminals are primarily looking for easy ways to make money, and fraud is another common way to do this. Frequently cybercriminals will call, posing as a supplier or customer and ask you to direct a payment elsewhere. For example, a common trick used against landscaping companies is to send a fake invoice for an equipment purchase or rental your company never initiated. They might also find a way to gain unauthorized access to your computer and either manipulate information to redirect funds or pose as the business to try to deceive the company’s customers and suppliers. Cyber insurance covers these types of fraud that commonly target small businesses.
For attackers, the more personal information they can gather, the more opportunities there are to target individuals. Criminals often try to extract as much data as they can. The most valuable information are credit card and social security numbers, but even if it is just customer email addresses, it is information they can use in another attack. When it comes to data compromises, cyber insurance helps with the forensic analysis of what data was taken, costs related to notifying individuals of the breach, and the recovery costs – including lost business, reputational damage, and legal costs.
What is not covered by cyber insurance?
Cyber insurance policies are meant to protect a business from some technology-related risks and are there to supplement other types of business insurance. These are a few of the most common types of business insurance and what they cover:
General Liability Insurance: Protects businesses for the general operation of their business and provides coverage for bodily injury or property damage claims.
Property insurance: Coverage for the company’s physical location and equipment.
Commercial Automobile Insurance: This coverage provides medical and property protection for the vehicles used for business operations.
Employment practices insurance: Liability protection against claims made by employees, such as discrimination, harassment, or wrongful termination.
The Proactive Benefits of Cyber Insurance
The costs of a breach or other cyber incident can be extremely costly. According a report by Hiscox Insurance, the average cost of a cyber-attack to a small business is over $25,000. Therefore, many insurers offer additional education and guidance to companies to help prevent an incident from happening. In addition to providing experts and advice on good security practices, some insurers offer things like anti-virus protection, data backup services, and educational programs. These additional resources can be tremendously beneficial for arborists, landscapers, and construction companies that prefer to focus on their hands-on work rather than the technological component of their operations.
Cyber Insurance Costs
Like other types of insurance, the cost will vary depending upon several factors related to the business’s risk. For cyber insurance, the amount and type of data the company manages will
have a significant impact. The more a business handles data – particularly private employee or customer information, or payment card information – the more it can expect to pay. While one business, such as an arborist might handle their own employee information and store a lot of information about their customers, another might prefer to outsource this type of information or even keep paper records. An insurer will need to understand how you handle this aspect of your business when underwriting cyber insurance coverage.
Additionally, since cyber insurance also helps to cover loss of business income, the business’s revenue history will also be a factor in the cost. Whatever the cost, it is a significantly smaller portion that what the business might expect to pay if it experiences a cyberattack.