There’s barely a week that goes by without some sort of cyber security incident — a system hack, a data breach, putting thousands if not millions of people’s personal information at risk. Although big corporations generate the most headlines, the reality is that small and mid-sized businesses are equally, if not
more, vulnerable to cyber attacks.
Smaller organizations don’t have the resources to put up firewalls or deploy high-powered system monitoring software that larger firms can afford. Like the house on the block with an open window and no burglar alarm installed, these businesses are easy prey for hackers, and they’re getting hacked more often than you think.
According to IBM, small and mid-sized businesses are hit by 62% of all cyber attacks, at a rate of 4,000 per day. A more sobering statistic? Sixty percent of small businesses go out of business within six months of a breach.
As insurance professionals, we have the opportunity to change that outcome. Although we can’t deter the cyber thieves from striking, we can help our business customers protect themselves by effectively educating them on their risks and providing the cyber liability coverage they need.
See also: Why Buy Cyber and Privacy Liability. . .
A Quick 411 on Cyber Liability Coverage
The good news is, there are 20 or more cyber liability carriers in the marketplace today, which keeps pricing low for budget-conscious business owners. Typically, every million dollars of protection, for a company that has never been hacked, runs about $2,500 per year. That’s well within most businesses’ budgets.
However, not all policies are created equal.
It’s critical for insurance professionals to spend time educating themselves on the details of what each policy offers before heading off to sell. This ensures that you offer the best solution to each of your customers and can adequately review any coverage they currently have for gaps.
Cyber liability policies should always include coverage for the following:
Notification Costs and Credit Monitoring
Most states require companies to inform anyone affected by the breach of personally identifiable information in a timely manner, and offer credit monitoring for the 12 months following the incident. Typically, businesses have to set up call centers to answer frequently asked questions, as well. A good cyber policy should cover all of these costs.
Cyber Extortion
According to the FBI, the incidence of ransomware attacks is on the rise. This attack typically begins when an employee clicks on a legitimate-looking email attachment. That one click releases malware that locks digital files until the company pays a ransom to release them. Unless the company pays the tens of thousands of dollars that hackers demand, businesses could lose proprietary information, product schematics, customer orders and other sensitive information. The right policy will help cover the cost of payments to extortionists, as that’s typically the only way to get the data back.
Business Interruption
If the company’s systems are compromised, hackers encrypt company software or overload Web servers to block legitimate orders, and business comes to a screeching halt. Think about the financial impact a day or a week down could have on a small e-commerce company, a CPA firm or manufacturing operation if they’re not adequately covered for the loss.
Public Relations
One hack can ruin a local business’s reputation in a heartbeat. If a breach occurs, that company has to hire an experienced public relations team to explain what they’re doing to protect the affected individuals and mitigate reputational risk associated with the breach.
Forensics Costs
Finally, and perhaps most significantly, a cyber liability policy should cover forensics — hiring computer technologists to come in and identify where and how the breach occurred, and how big the impact was. It’s important to note that this is typically the biggest cost associated with a breach, and the most frequently exhausted limit in cyber liability policies. So, it’s important to make sure the policy you recommend provides adequate coverage in this area.
Explaining Cyber Insurance to Your Customers
The most effective way to talk to your customers about cyber liability insurance is to show them their exposures. Typically, small and mid-sized businesses don’t think of themselves as being at risk. For example, a restaurant owner might believe that, by using a third-party payment card processor, her business is protected. The reality is: Her patrons don’t care who processes her transactions. They come to her restaurant, eat her food and hand her servers their credit cards. The place where people do business is going to get the blame — and be the one liable for the costs.
It’s not just retailers and restaurants that are at risk. Any company with personally identifiable information – Social Security numbers, health records or employee data – is exposed. With the average cost-per-compromised record averaging $221, the more records a company has, the more exposure it has. When you explain that one incident could cost a smaller business $50,000 or $100,000 to rectify, the value of paying a few thousand dollars a year for cyber liability insurance becomes very clear.
See also: Cyber Attacks Shift to Small Businesses
In addition to being affordable, cyber policies are quick and easy to get — if the business hasn’t been hacked before. For most carriers, it’s a one-page application that asks basic questions to find out if the company has a firewall, antivirus software and encryption, as well as its use of mobile devices. Typically, you can get a quote in an hour or less, issue the policy and be on your way. Just as important, your customers will know that you’re looking out for their best interests.
If I can leave you with one thought, it’s this: In this technology-reliant world, every business has a target on its proverbial back. If some form of cyber-attack hasn’t affected your customers yet, there’s a high probability that they’ll get hit in the near future. No business is too small, and no one is immune.
With the right cyber liability coverage, your business customers will be prepared for the inevitable breach — and have the protection they need to survive it.