No business is too small for a cyber-attack: Protect yours with cyber insurance
When cyber-attacks happen to the likes of Colonial Pipeline, SolarWinds, Target and other big businesses, media outlets take note. These large attacks garner 24/7 international attention, and for good reason. Millions of consumers place their trust in these companies, and when their data and networks are compromised, their customers are at risk.
News headlines announcing the latest and greatest cyber-attacks can lead us to believe that it’s only the large corporations that are vulnerable. This simply isn’t the case. At the end of 2019, CNBC reported that bad actors targeted small businesses 43% of the time. What’s worse is that over 60% of small businesses that fall victim to a data breach are out of business six months later due to the financial and reputational losses incurred.
As a small business owner, you are an attractive target to cyber criminals. Similar to the headline-grabbing victims mentioned before, you likely store personal data and intellectual property, and you probably depend on your systems and networks to operate your business. Unlike the Targets of the world, you may not have the budget or the in-house expertise for a comprehensive cybersecurity program. These factors combined open your doors to a cyber-attack.
A quick search on the Internet, or on this very blog, will return best practices for keeping you and your business cyber safe. They bear repeating here. At a minimum, you should:
- Use appropriate passwords,
- Enable encryption,
- Stay up to date on software updates including anti-virus or anti-malware,
- Enable multi-factor authentication (MFA) when available,
- Educate your employees on cybersecurity,
- Back up your data, and
- Create and implement an incident response plan.
It’s up to you to start implementing these best practices to protect your business. Unfortunately, even the best cybersecurity plans can still be susceptible to an attack. It’s for this very reason that we recommend all businesses consider a cyber insurance policy.
What is cyber insurance?
Cyber insurance is a way for business owners to transfer some of their cyber risk to an insurance policy. The threat of a cyber-attack on your business is a fundamental risk just like the risk of a fire destroying your property or a customer slipping and falling at your business. You purchase property and liability insurance for these exposures. Unfortunately, traditional policies don’t provide substantial protection from a cyber-related loss. A standalone cyber insurance policy should be a part of your insurance program just like property, liability, and workers compensation insurance have been for decades.
What does it cover?
You’ve likely heard of first-party and third-party coverages in insurance policies. First-party typically refers to your small business, while your customers and other stakeholders are referred to as a third-party. When considering how a cyber-attack may affect your business, you need to look for a policy that offers both coverages.
Here are some examples of how first-party coverage may apply:
- Business interruption coverage will help you recover lost income and get back to business as normal after a covered cyber event. A second type of business interruption coverage is dependent or contingent interruption. This applies to a business income loss resulting from a cyber-related event that occurs outside of your business. Vulnerabilities in your supply chain can expose you to this type of risk.
- When a cyber extortion threat occurs, such as a ransomware attack, cyber extortion coverage can reimburse you for the funds needed to pay to regain control over your system.
- After a security breach, data recovery insurance will cover the costs associated with restoring and recovering your data.
- Breach response coverage provides you with specific services needed after an incident. One such example is the need for an expert to determine the cause of the breach and implement measures to limit further disruption. A second example is deploying a public relations professional to help with reputation management.
- Computer crime insurance can reimburse you for lost funds when an employee follows fraudulent instructions from a bad actor.
Here are a couple of examples of how third-party coverage may apply:
- When you are legally obligated to pay damages and expenses to others because of a breach, your data and network liability coverage will be triggered.
- Regulatory defense and penalty coverage pays when you fail to comply with regulatory requirements, such as notifying customers within a certain timeframe after a breach.
It’s important to note that these are just a few examples of how first- and third-party coverage may apply. Every cyber policy is different and may expand or limit your coverage.
When and how do I purchase cyber insurance?
In short, now is the best time to secure a cyber insurance policy. The cyber threat landscape is changing every day, meaning you are more vulnerable today than you were yesterday.
A licensed insurance professional who understands these cyber concepts can guide you through the insurance buying process. He or she will:
- Ensure you have the proper cybersecurity policies and procedures in place in your business. You’ve seen these before (password security, anti-virus software, MFA, etc.). Almost all insurance companies require these to be in place before offering an insurance policy.
- Find the right company and policy to cover your unique risks. As we mentioned before, cyber policies can differ, and it’s important to find one that fits you.
- Connect you and your employees to the proper (and usually free) training and support provided by your insurance company.
- Monitor and review your business practices as you grow to ensure your specific cyber coverage grows with you.
If you’d like to learn more from a licensed professional at our sister company, MPB Financial, please call us at 717-257-9018 or simply complete our Contact Us form.
The relative newness and breadth of cyber exposures, combined with the speed at which they change, require us all to be vigilant and work together. In an uncertain environment, one thing is true: cyber risk is not going away. Cyber-attacks are on the rise, and businesses (large or small) will continue to be targeted. Contact Us today to learn more about how we can help you protect your business, employees, and customers.
Insurance products and services offered through MPB Financial Services Group, LLC, a subsidiary of Mid Penn Bancorp, Inc., are not a deposit, not FDIC insured, not guaranteed by a bank, and not insured by any federal government agency.
The material on this site was created for educational purposes. It is not intended to be and should not be treated as legal, tax, investment, accounting, or other professional advice.