Small businesses may seem invisible, compared to more established brands. But, when it comes to cyber crime, your business is just as visible — and vulnerable — as any Fortune 500 concern. Symantec’s 2019 Internet Security Threat Report notes that web attacks increased by 56% from the prior year.
A small business owner is less likely to have the resources to put sophisticated cyber defenses in place to protect data.The owner is also less likely to be able to absorb the financial impact of such crimes.
Your insurance company can help by providing cyber liability insurance. Companies in the insurance market offer coverage to protect your business from cyber risk.
The biggest mistake you can make as a small-business owner “is thinking, ‘I don’t need this,’ and, ‘It’ll never happen to me,’” says Claire Wilkinson, former vice president of global issues at the Insurance Information Institute and editor of the institute’s blog. “Cyber attacks targeting large companies may dominate the news headlines, but for a small business, cyber attacks can cause huge financial and reputational damage.” Roughly 60 percent of small businesses hit by a security breach will close within six months, Wilkinson says.
Cyber risk insurance can reduce the financial impact of a cyber incident.
What cyber insurance can do for you
Cyber insurance is designed to help you deal with the negative ramifications of having a web presence. Broadly speaking, there are two categories of risk.
Your firm needs first-party coverage to cover the cost of losing firm records. A data loss may include financial records, intellectual property and other information that your company needs to operate. If data from a company credit card or your business bank account is stolen, the theft is considered a first-party risk.
Customer records, however, present a bigger risk to your business.
Businesses need third-party coverage to protect the firm from legal action due to a loss of customer data.
Assume, for example, that your network security fails, and that customer data is stolen from your computer systems. You need cyber coverage for incident response, including customer notification, and the cost to recover from the data theft.
Liability coverage can address the cost of legal action brought by customers after a cyber event.
Cyber policies offer coverage to address these specific risks:
- Malware and ransomware attacks
- Phishing and cyber extortion
- If personal information is stolen from customers, you may incur crisis management costs, including public relations costs
- Breach notifications expenses and credit monitoring services for customers who are impacted by a data breach
- Business interruption coverage as you recover from an attack
You can also find insurance coverage for problematic web content, such as a defamatory blog post.
Additionally, a cyber insurance policy addresses these issues:
- Risk management services for your web security profile through periodic reviews and other assistance.
- Data restoration costs associated with a cyber attack, such as hiring additional staff to recover from the attack, and other related expenses.
- Liability coverage for legal fees, and coverage for the cost of paying judgments, if you lose a court case stemming from a data breach.
As with any insurance policy, cyber insurance can be tailored to meet your needs.
How much coverage is enough?
Wilkinson says you should consider including coverage for “the most common cyber risks, such as loss/theft of confidential information, corruption of data and especially loss of business income as a result of an attack.”
She says third-party cyber liability coverage for defense costs, judgments and legal settlements is another “must-have.”
Rebuilding your reputation in the wake of a cyber attack can be a huge challenge, Wilkinson says. “Owners may want to talk with their agent about coverage that addresses crisis management. This would cover the costs to retain public relations assistance or advertising to rebuild a company’s reputation after an incident.”
You may also need to implement a social media campaign to address the cyber security issue.
To minimize the financial impact of cyber threats, you need to plan.
Next steps for your cyber security coverage
Put systems in place to improve information security, and use anti-virus software to protect against cyber attacks. Consider using encryption to protect your most sensitive customer data, and prevent property damage to company banking and financial records.
Most small business owners have some business insurance, including general liability insurance. Talk to your insurance agent about cyber insurance coverage and start the underwriting process.
The insurance company underwriter will ask about your information security plans, and you should have a system in place before you apply for coverage.
Insurance products can be expensive, but cyber insurance is critically important. As your business grows, you’ll manage a growing amount of data. Protect yourself from a cyber attack, and manage your business with confidence.