The headlines might carry news of cyberattacks against large companies, such as Target and Home Depot, but the greater reality is that small businesses are as likely, if not more likely to experience a cyberattack. By one estimate, the number of cyberattacks experienced by small- to mid-size businesses (SMBs) increased by more than 40 percent from 2015 to 2016.
This rate of increase shows no signs of slowing down, which suggests that small businesses need to take steps to protect themselves against breaches of their computer networks by cybercriminals.
For at least four reasons, cyber insurance is an important part of that protection.
First, SMBs are less likely to utilize the sophisticated cyberdefenses that large companies are able to install in their own networks. Larger companies can devote more resources to employ large information technology teams and to install sophisticated detection technology in their information systems infrastructure.
Greater resources also give large businesses a better chance to keep cyberdefenses up to date and to detect a cyberattack early enough to stop before it does excessive damage. Unless a small business is willing or able to devote similar resources to its own network, cyber insurance is a sound alternative.
Customer Personal Data
Second, SMBs hold copious amounts of personal data from their customers. Many SMBs will discount both the amount and the depth of customer data that they maintain.
Cyberattackers know otherwise, and readily target small businesses to steal customer names, email addresses, purchase histories, and credit card information. Many SMBs maintain general liability and indemnity insurance to protect physical assets and to cover liabilities associated with negligence and errors.
Cyber insurance can extend that coverage to losses of valuable customer information.
Lawsuits from Cyberattacks
Third, lawsuits associated with losses from cyberattacks are expensive. Litigation and settlement costs associated with a handful of cyberattack lawsuits in 2014 are illustrative.
For example, the Florida behavioral health services provider, AvMed, established a $3.1 million settlement fund after more than a million of its clients’ social security numbers and health records were compromised in a cyberattack.
Or another example, the Missouri food retailer, Schnucks Markets, settled a cyberattack class action lawsuit for $2.1 million. The online ticket seller, Vendini, set up a $3 million settlement fund to reimburse customers whose data was placed at risk as a consequence of a cyberattack. Few SMBs can handle these kinds of costs without insurance coverage.
Last, a successful cyberattack can mean the death of an SMB. More than half of all SMBs that experience a cyberattack are out of business within six months after the attack.
A small business’s founders can work for years to build up the business, only to see all of the value that has been created evaporate as a result of one unauthorized network incursion.
A ransomware attack, for example, can freeze a company’s systems and delete critical data. If an SMB is unable to recreate that data, it will quickly shut its doors for good.
Over the past twenty years, cyber insurance companies have developed the expertise and know-how to evaluate risks faced by SMBs and to underwrite cyber defense insurance to cover those risks.
They also consult with their clients to evaluate their risk profiles and to establish better defenses and protocols to handle a cyberattack when it happens. If that cyberattack leads to direct financial losses and third party liabilities, the cyberinsurance can cover a large portion of those losses and liabilities, allowing the business to remain afloat while it rebuilds its internal structures and re-establishes sound relationships with its clients and customers.
No SMB can underestimate the cyber risks that it faces, and none can afford to insure against those risks.