With technology playing a critical role in the daily operations of most companies, a growing number of small business owners are investing in the financial protection and risk management services available through cyber insurance policies.
The perception that cyber insurance was only needed by large companies is fading as companies of all sizes depend more on technology and understand how that dependence exposes them to potential risk.
Small businesses are not immune from cyber risk for several reasons. First, they’re less likely to have dedicated cyber security teams than their larger counterparts, so hackers consider them an easier target. Similarly, a lot of small businesses are less sophisticated about updating their software, potentially making them vulnerable to threats that larger companies have addressed.
And because a lot of small companies provide services to large enterprises, they’re often targeted as a way to get past the large company’s cyber defenses. In fact, many large companies require cyber insurance in their contracts with service providers and vendors.
Beyond hackers, cyber liability risks can emerge if data is disclosed because of employee error, a phishing or identity theft incident, or someone losing a laptop or phone with customer data stored on it.
In addition, traditional liability policies are designed to respond to physical risks, not digital ones. Your business owners’ package (BOP) or general liability policies will, for example, exclude coverage for cyber-related risks (unless cyber coverage has been added to a package policy).
Given these risks, cyber insurance can be a prudent investment to any company that conducts business, stores data or access information online - which is pretty much all of us.
Understand The Coverage
While coverage and costs can vary according to a company’s size and industry, insurance tends to cover one of two forms (although some packages will combine both):
- First-party insurance will cover direct costs associated with a breach. These may include the costs of notifying customers (which is required in many states), loss of income from a breach, and costs of replacing vulnerable technology. Policies may also cover the costs of investigating an incident, crisis management expenses and cyber extortion costs.
- Third-party coverage will cover defense costs if someone sues your company following a breach, settlement expenses, court-ordered damages, and related expenses.
A growing number of insurance companies are also offering cyber-related loss control services to their small business customers. These offerings vary but can include guidance on installing or updating security software, compliance with payment-card security requirements, using virtual private networks to secure authorized remote access into your company’s network, security audits, employee training, and other services.
Regardless of size of your company and the nature of the information you process or store, cyber insurance is worth discussing with your insurance professional to make sure your risks are being mitigated effectively.