For small businesses operating in today’s digital world, having cyber insurance and proper cybersecurity measures in place is vital. The possibility of being hacked is a daily threat and comes with serious, sometimes irreparable, consequences if you are unprepared.
The more work you do online, the more important personal and financial information is at risk of getting into the wrong hands. With your website, network and data at stake, the value of guarding the future of your business with cyber insurance cannot be understated.
If you are not already protected from cyber threats, here are four reasons why you should be.
Schedule an appointment with a small business insurance specialist to learn more about how the right insurance can protect you from these types of risks.
1. Small Businesses Are a Top Target
Large businesses are frequently on the news for data breaches and other cybersecurity invasions, but that doesn’t mean small businesses are in the clear. According to the 2019 Verizon Data Breach Investigations Report, small businesses were victims of 43% of breaches.
Small-business owners may not think they have much worth stealing, but they hold the kind of information that cybercriminals want, like employee and customer data, bank account information, access to intellectual property and connections to larger networks.
2. Many Small Businesses Don’t Have Enough – or Any – Security
A recent Small Business Administration survey found that 88% of small-business owners felt their business was vulnerable to a cyberattack, “yet many can’t afford professional IT solutions, have limited time to devote to cybersecurity or they don’t know where to begin.”
Unlike larger companies, small employers may lack the resources or funds to dedicate to a robust cybersecurity plan, so they put it on the back burner. This makes them even more attractive – and vulnerable – to cybercriminals.
Often, hackers use small businesses as a gateway to the big guys. The 2013 Target data breach, which exposed the personal information of 70 million customers and 40 million credit and debit cards, was traced back to the stolen credentials of a HVAC vendor.
3. Underestimating the Risk
Another reason small businesses tend to lack security or cyber insurance is because they are unaware or misjudge the severity and likelihood of the risks.
Over the past three years, there has been a significant increase in small businesses falling victim to cyberattacks and data breaches, according to the 2019 Ponemon Institute Global State of Cybersecurity in Small and Medium-Sized Businesses,
Sixty-six percent of organizations with 100 to 1,000 employees said they experienced a cyberattack in the last year, with the most frequent types of attacks being phishing, web-based attacks and general malware. Over half felt that cyberattacks were becoming more targeted, sophisticated and severe in terms of consequences such as financial impact.
And keep in mind that the numbers are likely higher. “A lot of cyber incidents aren’t reported,” said Steve Holland, manager of commercial lines for AAA Insurance. Many small businesses are not comfortable with releasing that information for fear of losing their customers’ trust.
4. A Cyberattack Could Put You out of Business
The financial consequences of a cyberattack could be devastating. The average cost to recover from such an attack is $1.2 million, according to the Global State of Cybersecurity report. Such a steep, unexpected expense could force a small business or nonprofit organization to close its doors.
What To Do
While internal or external IT support is the strongest defense against cyberthreats, smaller businesses without it can still take measures to assess and improve security on their own.
The first step is to fully understand your risk and vulnerability. The SBA has several tools listed on its website to help, including free cyber hygiene vulnerability scanning and weekly reports provided by the Department of Homeland Security.
Protect your business with cybersecurity best practices.
- Learn how to spot malware, phishing attempts and other common types of cyberattacks, and train your employees to do the same.
- Invest in antivirus software and keep it updated.
- Secure your networks, use strong passwords and implement multifactor authentication for logins. Get tips on how to create an uncrackable code.
- Regularly back up data, safely and securely.
- Secure payment processing with banks and card processors to make sure that the most trusted tools and anti-fraud services are being used.
Finally, consider adding cyber insurance to your small business insurance policy. Cyber insurance can protect you from first- and third-party threats such as unauthorized content, virus or malicious code, theft or destruction of data, cyber extortion and business interruption.
AAA has partnered with Wingman Insurance to make writing cyber insurance for your organization easier and more affordable. Get a quote.
Do You Need Cyber Insurance? Ask Yourself These Questions:
Does your company rely on technology such as email, networks and/or dispatch systems to function or make money?
Would you still be able generate revenue if these technologies were compromised?
Does my company keep records of customers or employees?
Any record that could identify a person, from driver’s license and passport details, to email lists, passwords and security questions, is a liability.
Consider how many records you have and multiply each one by $200-$400. According to Wingman Insurance, that will give you an idea of how much it would cost to notify and remediate any breach costs to customers or employees.
So, let’s do the math. If you have 1,000 customers that have been hacked at $300 per account, that’s already a $300,000 claim, excluding litigation costs, fines and public relations expenses. Without cyber insurance, that could put you out of business.
Do my employees use computers, phones or tablets?
All it takes is one employee to open a bad email attachment or link to allow outsiders into your business’ data infrastructure and set off a chain reaction. With so many people working from home these days and employees possibly accessing your database from their personal computers, “you don’t have as much control as you did pre-COVID,” Holland said.
If you were notified of a data breach today, would you know what to do?
Good cyber insurance gives you access to breach coaches, data specialists and legal experts that can assist you. It’s their goal to keep costs to a minimum and get you back to business as usual as soon as possible.
If it’s the expense of adding cyber insurance to your small business coverage that you’re worried about, it’s more affordable than you think, and considering the level of risk, worth the investment. “For around $400-$500, it’s good peace of mind that is not covered under your [general liability] policy,” said Holland.