As headlines of cyber attacks on our government and large corporations increase, owners of small and medium-sized businesses should be aware that cybercriminals are not only after the big fish. The reality is that cybercriminals don’t discriminate by size. In fact, cyber attacks on small and medium-sized businesses are more common than you might think. The Ponemon Institute reports that 66% of companies with fewer than 1,000 employees have experienced a cyber attack in the last 12 months and 69% experienced an attack that got past their intrusion detection system.
The same report found that 60% of those businesses could go out of business due to damages associated with a cyber attack. With the average cost of a lost or stolen record at $146, a data breach could cost a business tens or hundreds of thousands of dollars. Payroll and wire fraud by cybercriminals could even reach millions of dollars in losses.
How do you know if your business is at risk?
Your small business is at risk of attack if you:
- Use computers or other mobile devices in your operations
- Accept credit card payments or other digital payments
- Save confidential customer information
- Store medical or financial data
What could happen to your business in a cyberattack?
There are countless examples of how a cyber attack or data breach could disrupt business, cost substantial time and money, and cause long-term damage to a business’ reputation. Here are just a few:
- Medical record destruction: A hearing center permanently shut its doors after a devastating ransomware attack that destroyed all of its electronic medical records. Rather than pay the ransom and rebuild its systems, the practice’s physicians decided to close.
- Payroll hack: A car dealership lost tens of thousands of dollars when cybercriminals broke into their network, swiped bank account info and added fake employees to the company payroll.
- Password breach: A real estate development firm had millions of dollars drained from its bank account after attackers gained access to a company email account. Information gleaned from emails allowed the cybercriminals to impersonate the owner and convince a bookkeeper to wire money to an account in China.
- Point-of-sale attack: A retail employee clicked on a link in a phishing email that appeared to be from a vendor, allowing a cybercriminal to install ransomware on the company network. The attack spread to the retailer’s branches and all of its point-of-sale registers, effectively stopping all transactions. The business temporarily closed its stores as it could not afford the ransom and did not have security vendors to immediately help it deal with the attack.
- Photocopier breach: A real estate agency leased a printer/photocopier that had been previously leased by an accounting firm. An employee at the agency discovered that the internal hard drive still contained all the files that had been previously copied by the accounting firm, including clients’ confidential personal and financial information. By law, the accounting firm was required to report the data breach and notify clients. The firm was sued by one of its clients.
The solution that could save a business in a cyber attack and data breach is cyber insurance. However, despite the rise in cyberattacks, a recent survey released by CyberScout reports that 69% of responding businesses did not carry cyber insurance, nor did they have the appropriate security measures in place.
How can cyber insurance help your business?
Cyber insurance protects businesses against computer and network-related crimes and losses. A cyber insurance policy is designed to cover privacy, data and network exposures. When you have a policy in place, your carrier will immediately connect you with a network of cyber security experts to help you act quickly in the case of an attack. A cyber policy may cover:
- Cyber extortion: covering response costs associated with network-based ransomware attacks, including security forensics to detect the extent of an attack, cyber negotiation and legal expertise, and financial payments. Cybercriminals are increasingly using ransomware, a type of malicious software or malware, to deny access to an organization’s computer system or data through encryption. The cybercriminals demand ransom in return for providing the decryption key.
- Data breach: covering response costs associated with a breach, such as security forensic costs to confirm and identify the breach, legal expertise, costs to notify affected individuals, credit protection services and monitoring for affected individuals, and public relations costs for crisis management and reputation management. Coverage may also extend to regulatory and payment card industry (PCI) fines and penalties (where insurable by law) when levied due to privacy regulations.
- Business interruption: covering lost business income when a company has its network-dependent revenue interrupted.
- Data recovery: covering costs to replace, restore or repair damaged or destroyed data and software.
- Network security liability: providing third-party liability and defense for losses resulting from a breach of sensitive or confidential business information of others. Coverage may also extend to the unintentional forwarding of malware to others.
- Data compromise defense and liability: providing third-party liability and defense for losses resulting from a personal data breach.
In addition, cyber policies may offer security consultants and resources to help you prevent security attacks and data breaches, including access to employee training and recommendations on security systems and protocols.
There are many options for cyber insurance depending on your business’ unique risks. Working with a commercial insurance broker specializing in cyber insurance will help you find the right policy for your business and budget.
This content is for informational purposes only. Consult your actual insurance policy for details regarding terms, conditions, coverage, and exclusions.