By Nick D’Onofrio, Associate Advisor
Just because your company is small does not mean you are immune to cyberattacks. While small business owners focus on growing their companies and generating revenue, they can overlook a critical component of long-term success—cybersecurity. They believe that since they use third-party systems to process transactions, they are safe from hacking and malware. That kind of thinking can be dangerous. In fact, cybercriminals are aware that small businesses are easy targets because they typically have less security in place than larger companies.
When COVID hit, many businesses moved from in-person operations to virtual platforms, making cyber threats more common and cyber insurance more important. Any business using computers to complete day-to-day tasks—especially businesses that store their customers’ personal data and/or credit card information—should consider cyber insurance a necessary coverage. Businesses are increasingly facing cyber risks that can threaten their operations and even their very existence. Adding cyber insurance is a small cost, but the risk of not doing so can be devastating.
What Is Cyber Insurance and Why Do You Need It?
According to a recent report in Forbes magazine, 43% of cyberattacks are aimed at small businesses, while only 14% of those businesses are prepared to protect themselves from such an attack. What’s more, many of these businesses never recover after they are attacked.
Cyberattacks can cost a company up to a million dollars in damages. Personally identifiable information—data such as an ID number, location data, or online identifiers—is involved in the most reported data breaches, with credit and payment card information being one of the most frequently stolen pieces of data. In the medical industry, Protected Health Information (PHI)—such as medical records—is also at risk. Maintaining cyber liability insurance will help keep companies operational after an attack.
A cyber liability insurance policy can help protect your business financially in the event of an attack. Policies can differ widely, and there are no set minimum criteria, so you’ll have to work closely with your agent to find the policy that’s best for your organization. Here are some basic coverage areas to consider:
- Disaster recovery costs, which may include expenses for forensic accountants, attorneys, and advisors
- Crisis management, to help contain any bad publicity stemming from the breach
- Social engineering fraud, which can result when hackers trick trusted employees or vendors into disclosing sensitive information
- Extortion, which includes threats by foreign entities that can only be satisfied through large cash payments
- Third-party damage covering violations committed by a subcontractor you hire, such as a mail house or fulfillment center
- Business interruption, in the event that damage to your computer systems leaves your company unable to function for some period of time
- Credit monitoring services, allowing customers suffering data exposure to periodically check their credit status
If you are hit by a cyberattack—by ransomware, for example—your policy will not only reimburse you for the ransom payment, but it will also cover all of your lost expenses as a result of the attack.