Cyber liability insurance is a relatively new product in the insurance marketplace. While its prevalence is rapidly expanding into a multi-billion dollar segment, most small business owners seem unconcerned with this liability exposure. Cyber liability insurance doesn’t usually cost an arm and a leg, but the costs associated with a breach can. For this reason, it’s a good idea to identify your business’s vulnerability as well as your insurance needs.
The reality is that a majority of cyber attacks are committed against small businesses. Often, these businesses have large amounts of client data, but lower security protocols, making them both a soft and profitable target for cyber criminals. A high percentage of the small businesses affected by cyber attacks will never recover and shutter their doors shortly after the breach.
Considering the following variables can help you determine if cyber liability coverage is a necessity for your startup:
Do you initiate electronic business-to-consumer transactions?
Initiating transactions is a prime way to put yourself on the hook in the event of a cyber breach. Many business owners incorrectly believe that using a third party vendor for transactions absolves them of responsibility. However, it is likely, even probable, that business owners who initiate such transactions will be at least partly responsible for damages that clientele sustain from a cyber attack. If you accept electronic means of payment or store client data electronically, you have likely exposed your business to the possibility of cyber liability claims.
Related: Liability Insurance: The Insurance You Can’t Afford to Forget
Do you have the ability to pay for restoration and monitoring costs?
If your business experiences a data breach, you may be legally required to pay for your customers’ identity restoration costs along with the damages they sustained because of the cyber attack. Furthermore, you may need to pay for monitoring services after your customers’ records are restored, in order to ensure they are not vulnerable to a subsequent attack. Costs of restoring records and monitoring can average hundreds of dollars per client. If your business has several thousand clients, you can quickly be looking at a $1,000,000 claim. If this financial burden would make it hard to continue business operations, a cyber liability policy is probably something you should discuss.
Do you have a plan to inform your clientele in the event of a breach?
Along with restoration and monitoring costs, a cyber liability policy may help you with the costs associated with notification. Some states have laws which require businesses to notify consumers in the event of a data breach. Even if no information was “stolen” or used to damage your clientele, an event that consists of unlicensed access to that information may require you to incur significant costs to notify. You should consider this legal requirement when determining how much cyber risk you can afford (or not afford) to self insure.
Do you have a plan for the time in which your business might be out of operation?
Make sure to discuss with your agent whether or not there are exclusions on your policy for business income loss due to data breach events. If you have business income coverage, which protects your loss of income in the event of a covered cause of loss, talk with your agent about how this coverage will apply to a cyber liability situation in the event you are unable to continue operations while your systems are restored and secured. If you are down for several weeks without a business income coverage or cyber liability policy, you may be facing the unfortunate circumstance of increased business costs alongside decreased revenues. If such losses and costs are more than your business could sustain, you should be discussing your options for risk transfer with a licensed insurance agent.
Sign Up: Receive the StartupNation newsletter!
Cyber liability conclusion
In our digital age, new risks to your business continue to emerge. Cyber liability is one that can be partially mitigated through security protocols and diligent IT efforts. Not every small business can afford the kind of infrastructure that can offer frontline protection against security breaches. Even so, large companies with sophisticated systems still experience data breaches, so the exposure can not be completely eliminated by hardware and software.
As such, risk transfer through a cyber policy is a good, and usually economical, way to close a significant liability coverage gap for your small business. There are multiple ways to obtain the coverage, from a stand-alone cyber policy to including it through endorsement on your business owners policy. Having a discussion with an experienced agent in your state is the best way to discover what option is right for you. The time to start the conversation about cyber liability is now.