It’s understandable why cyber insurance may feel like overkill for some small business owners. If you’re just a sole proprietor, operate a small cafe, or work at a small firm, you may think the odds of your business experiencing the kind of technological attacks you hear about in the news is negligible.
You’re not in the financial services industry. You don’t have prominent clients. You may not even have a client database.
In this post, you’ll learn more about what cyber insurance is and who needs it. You’ll also learn about the next steps you can take to protect your business from an attack.
What is it?
Cyber insurance helps protect your small business for the threat of cyber attacks. But, you may be wondering: what exactly is a cyber attack?
Think about how much your professional life relies on technology and you can begin to see the risk.
Every day, we rely on work and home computer systems, mobile and tablet connectivity, cloud-based services, email, customer databases, and more. All of this technology is vulnerable. Some of the most common types of cyber attacks include:
- Unauthorized access to your onsite or remote computer systems or to your cloud computing services.
- Damage, theft, or loss of data caused by a computer virus or malware.
- Deliberate acts such as DDOS attacks and hacktivism meant to disrupt your online business functions.
Cyber insurance is designed to help protect your digital property from these kinds of cyber attacks before they happen, but more importantly, to help your business recover after an attack.
It’s worth noting that general business liability insurance doesn’t apply in cyber attack situations.
Though it used to be a niche product, cyber insurance is now a fairly common purchase for any technology-using business. It’s available as either a stand-alone product or frequently as an add-on to your existing business-owner’s insurance policy.
Typically, a cyber insurance policy includes several different types of coverage.
First-party coverage pays costs associated with recovering from an attack:
- Coverage to hire technical consultants to determine the cause of the attack, stop an ongoing attack, and patch any discovered hardware or software vulnerabilities.
- Coverage to hire additional staff or assist with notifying affected customers or regulatory compliance.
- Help with crisis management and public relations assistance.
- Business interruption protection, if an attack is damaging enough to interrupt your cash flow.
- Coverage for credit monitoring and assistance, if customer payment details were stolen or exposed.
The cyber attack itself can be bad enough, but if the data or property affected involves customers, clients, or employees, your business could face legal action as well. Third-party coverage can cover expenses including:
- Legal defense.
- Civil awards.
Risk Management Coverage
The best case scenario for both you and your insurer is when a cyber attack never takes place.
So many policies offer coverage for periodic reviews and other professional assistance to help you make sure your security policies are properly implemented and that security software is up to date.
Who Needs Cyber Insurance?
Small Business is Big Business for Cyber Attackers
You may be surprised to learn that large corporations aren’t the preferred target of cyber attackers.
Small- and medium-sized businesses actually suffer more frequent attacks than larger businesses. According to Aeris Secure, as much as 71% of cyber attack incidents target small businesses. This might have to do a false sense of security that a low profile provides to small business owners. Something that attackers are aware of and can use to their advantage.
Types of Assets That Are At Risk
When it comes to the types of information cyber criminals are after, your first thought might be online payment credentials. You’re not wrong there, but a surprising array of sensitive information can be at risk of a cyber attack. Confidential information target by attacks can include:
- Usernames and passwords.
- Payment processing information for customers or clients.
- Customer or client database records.
- Company financial records.
- Personnel files on your employees.
If your business keeps these or other types of data, cyber insurance is a smart investment to protect your business from the loss or abuse of this critical data.
The Risk of Falling Victim to an Attack is Increasing
You may also be surprised to learn that the risk to small businesses isn’t just significant, it is also on the rise.
Trustwave, a company specializing in global information security, noted a 54% increase in their cyber attack investigations between 2012 and 2013. While awareness is increase among small business owners, the threat continues to grow as well.
What to Do?
While the odds are high your business may encounter some type of cyber attack in the future, there are steps you can take to reduce your risk and to help you recover faster.
Take Data Security Precautions
One of the reasons those large businesses are a less appetizing target for attackers is because of extra security measures they tend to put in place.
As you know from the news, large corporations can fall victim to high-profile attacks, but the effort involved often acts as a strong disincentive for the attackers.
In fact, it wasn’t Target’s systems that let to its high-profile cyber attack — it was a vulnerability found in the systems of a regional contractor.
Installing antivirus software, maintaining firewalls, using strong passwords that are changed regularly, making and keeping regular backups of data, and guarding access to sensitive data can all help reduce your risk of an attack.
Monitor Your System Security
You can often solve problems before they get out of hand if you’re paying attention. Monitoring your system for cyber security threats could help you avoid a major breach of sensitive data.
Keep your security systems and software up to date, consider setting up alerts for unusual system activity, keep activity logs, and hire a security professional to do periodic testing of your defenses.
Protect Yourself with Cyber Insurance
The risk of a cyber attack is high for small businesses. By foregoing cyber insurance protection, your business is open to attacks and legal actions as a result of those attacks.
But protecting your business can not only help you manage an attack, the preventative coverage provided by your insurance could help you avoid an attack.
Your insurance professional can help you learn more about which cyber insurance may be right for your business and explain features and options. When it comes to cyber insurance, the benefits far outweigh the risks you face without it.