Cyber & Data Breach Insurance Policy: Why Small Businesses Need One

Posted by Matt Simon on Oct 22, 2015

Here’s a sobering statistic: according to industry experts at Insurance Journal, one of every three cyber attacks are to small businesses.

Further, statistics show that roughly 60% of small businesses will close permanently within six months of a cyber-attack.

High-profile cyber-attacks on companies such as Sony, Target and Zappos have generated national headlines and have raised awareness of the growing threat of cyber-crime.

Recent surveys conducted by the Small Business Authority, Symantec and the National Cybersecurity Alliance, suggest that many small business owners are still operating under a false sense of cyber security.

Small businesses are becoming increasingly attractive targets for cyber-attacks

The statistics are grim; the vast majority of U.S. small businesses lack a formal Internet security policy for employees, and only about half have even rudimentary cyber-security measures in place.

Furthermore, only about a quarter of small business owners have had an outside party test their computer systems to ensure they are hacker-resistant, and nearly 40% do not have their data backed up in more than one location.

Shockingly, despite these significant cyber-security exposures, 85% of small business owners believe their company is safe from hackers, viruses, malware or a data breach. This is largely due to the widespread, albeit mistaken, belief that small businesses are unlikely targets for cyber-attacks.

In reality, data thieves are simply looking for the path of least resistance. As more and more large companies get serious about data security, small businesses are becoming increasingly attractive targets – and the results are often devastating for small business owners.

In recent years, nearly 60% of the small businesses victimized by a cyber-attack closed permanently within six months.

Many of these businesses put off making necessary improvements to their cyber-security protocols until it was too late because they feared the costs would be prohibitive. Don’t make the same mistake.

Even if you don’t currently have the resources to hire an outside expert to test your computer systems and make security recommendations, there are simple, economical steps you can take to reduce your risk of falling victim to a costly cyber-attack.

The following list of easily implementable security procedures was developed during a Federal Communications Commission roundtable on effective cyber-security strategies for small business owners and is a great place to start:

  1. Train employees in cyber-security principles
  2. Install, use and regularly update antivirus and antispyware software on every computer used in your business
  3. Use a firewall for your Internet connection
  4. Download and install software updates for your operating systems and applications as they become available
  5. Make backup copies of important business data and information
  6. Control physical access to your computers and network components
  7. Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace, make sure it’s secure and hidden
  8. Require individual user accounts for each employee
  9. Limit employee access to data and information, and limit authority to install software
  10. Regularly change passwords

While cyber-security strategies are important for preventing an attack, having a cyber insurance policy is important for protecting you in the event that an attack occurs. 

Think of it this way:  all the security measures you put in place to prevent an attack or breach is similar to what we all do during cold & flu season… we wash our hands regularly, avoid germ-filled locations as best we can, and use hand sanitizer after shaking hands.

But despite all those measures, sometimes we still get sick.  And we often need medication to help speed up the recovery process.

Cyber Liability Insurance is the medicine to help speed the recovery process for small businesses after they experience an attack or a breach so they don’t become part of the 60% that go out of business as a result.

Why Cyber Liability Insurance?

A traditional business liability policy is extremely unlikely to protect against most cyber exposures. Standard commercial policies are written to insure against injury or physical loss and will do little, if anything, to shield you from electronic damages and the associated costs they may incur.

Exposures are vast, ranging from the content you put on your website to stored customer data. Awareness of the potential cyber liabilities your company faces is essential to managing risk through proper coverage.

Possible exposures covered by a typical cyber liability policy may include:

Data breaches

Increased government regulations have placed more responsibility on companies to protect clients’ personal information.

In the event of a breach, notification of the affected parties is now required by law. This will add to costs that will also include security fixes, identity theft protection for the affected, and protection from possible legal action.

While companies operating online are at a heightened risk, even companies that don’t transmit personal data over the internet, but still store it in electronic or paper form, could be susceptible to breaches through data lost to unauthorized employee access or hardware theft.

Intellectual property rights

Your company’s online presence, whether it be through a corporate website, blogs or social media, opens you up to some of the same exposures faced by publishers. This can include libel, copyright or trademark infringement and defamation, among other things.

Damages to a third-party system

If an email sent from your server has a virus that crashes the system of a customer, or the software your company distributes fails, resulting in a loss for a third party, you could be held liable for the damages.

System failure

A natural disaster, malicious activity or fire could all cause physical damages that could result in data or code loss. While the physical damages to your system hardware could be covered under your existing business liability policy, data or code loss due to the incident would not be covered.

Cyber extortion

Hackers can hijack websites, networks and stored data, denying access to you or your customers. They often demand money to restore your systems to working order. This can cause a temporary loss of revenue plus generate costs associated with paying the hacker’s demands or rebuilding if damage is done.

Business interruption

If your primary business operations require the use of computer systems, a disaster that cripples your ability to transmit data could cause you, or a third-party that depends on your services, to lose potential revenue.

From a server failure to a data breach, such an incident can affect your day-to-day operations. Time and resources that normally would have gone elsewhere will need to be directed towards the problem, which could result in further losses.

This is especially important as denial of service attacks by hackers have been on the rise. Such attacks block access to certain websites by either rerouting traffic to a different site, or overloading a company’s server.

Cyber Liability Insurance is specifically designed to address the risks that come with using modern technology; risks that other types of business liability coverage simply won’t.

The level of coverage your business needs is based on your individual operations and can vary depending on your range of exposure. It’s important to work with an Insurance Advisor that can identify your areas of risk, and customize a policy to fit your unique situation.

If you’d like additional information and resources, we’re here to help you analyze your needs and make the right coverage decisions to protect your operations from unnecessary risk.  You can download a free copy of our eBook, or if you’re ready make Cyber Liability Insurance a part of your insurance portfolio, Request a Proposal and we’ll get to work for you.

Cyber & Data Liability Insurance eBook

Additional articles that may interest you:

Cyber & Data Breach Liability Insurance

Who wants Cyber Liability Insurance?

A lesson from the Sony Data Breach

Category: Cyber Liability Insurance (1)