The dreaded 180-day notification arrives on your computer. It’s time to change your password again. What version of a pet’s name or mother’s maiden name will you use this time? Max1234? Sherbert5678? Now, you must remember this new password and the one to your credit card and your bank and your Venmo and on and on. It is exhausting and, sometimes, you wonder if it is all worth it. After all, who would hack my accounts? You’re no Fortune 500 company, no millionaire — just an average person with a small business. You have a few employees and project $200,000 in sales, not $20 million. Yet, all around you, cybersecurity and ransomware attacks buzz, and it’s best that you invest in cyber insurance.
Read a multitude of insurance websites or simply your local newspaper, and there is invariably a news story of a cyberattack every week: According to InsuranceJournal.com, hackers have been sharing personal information of Tulsa, Oklahoma, residents after breaking into town hall servers. Georgia’s St. Joseph’s/Candler health system had its computer systems shut down for a week. Similarly, a cyberattack on Vermont’s largest hospital has estimated recovery costs upward of $63 million. Then, over the Fourth of July weekend, Russian hackers from an outfit dubbed REvil attacked businesses in 17 countries, demanding payouts as high as $5 million and as low as $45,000 from smaller operations, according to the Associated Press.
Bigger firms are often targeted with demands of $30 to $50 million in ransom payments, per InsuranceJournal.com, but even small businesses are feeling the heat, with the average ransomware payment valued at $220,000, per Coveware. Small businesses are vulnerable, too, because they often lack the sophisticated defense mechanisms put in place by larger companies.
Here’s why you should invest in cyber insurance for your startup
The FBI is working to counter cyberattacks, but the agency tends to target its efforts on million- and billion-dollar businesses, leaving mom-and-pop shops to largely fend for themselves.
The good news? Cyber insurance is still relatively affordable, though recent trends have industry insiders predicting rates to rise. Premiums are influenced by exposure and the level of risk management protocols in place to mitigate threats, but for small businesses scrutinizing every expense, it is far more affordable to pay a few hundred dollars in preventative coverage than to pay thousands if servers and systems are broken into and customer information is compromised.
“One of the important reasons middle-market and smaller organizations purchase cyber insurance is that virtually all insurers offer a panel of pre-approved outside vendors that can assist insureds on both a pre- and post-incident basis,” Doug Miller, senior vice president of specialty risk practice for Kapnick Insurance Group, said. “These vendors include specialized law firms, incident-response firms, IT forensic companies, credit/identity monitoring, public relations and other cybersecurity and technology firms, which may otherwise be unknown to an insured. Accordingly, should there be an incident, insureds do not have to scramble around to research, identify and hire such experts themselves. Knowing their fees will be paid for by the insurance makes a difficult situation much easier.”
How does cyber insurance work?
While the actual ransom payments receive the greatest attention, there are several costs associated with a cyber or ransomware attack for which your insurance coverage will provide considerable benefit, including:
- Costs incurred when responding to the breach, including public relations expenses, legal guidance and forensic investigative expenses.
- Defense and indemnity for lawsuits alleging failure to protect confidential information, failure to prevent an attack or failure to provide timely notice of a breach, as well as additional media liability allegations including defamation, libel and slander.
- Costs from fines and penalties imposed by the government for non-compliance with federal and state privacy laws.
- Reimbursement of lost revenue due to a network outage caused by an attack or system failure at the insured.
- Cost to restore damaged or destroyed data, software and hardware.
What does that all mean?
For a small business, it could be the difference between continued operations and bankruptcy.
Even if you win a court case, legal fees can be overwhelming, sabotaging your cash flow and future growth opportunities. Cyber insurance covers those legal costs, so you can continue to invest in your business’ short- and long-term future.
If you or an employee accidentally falls victim to a phishing scam and your hard drive and network are held captive for hours, days or even weeks, cyber insurance coverage will not only help with the costs associated with rebuilding your computer systems but will also provide business interruption income, keeping the cash flow going, even on days you cannot serve customers or clients.
Every policy is written with nuance, so it is incredibly important that you discuss in depth with your insurance agent what your policy covers and what it excludes. But in today’s climate, where the number of hackers is growing exponentially, every business, large or small, is at risk of suffering an attack, and organizations like REvil will offer no mercy. They do not care if you are a one-person operation in which you’ve invested your life savings. Whether for sport or for financial gain, their aim is simple — to cause you the greatest devastation.
Thankfully, insurance carriers have responded in kind and are positioned to make you whole. A good broker will insist on cyber risk mitigation as part of your policy. However, it is imperative that you, whether an established small business owner or a first-time entrepreneur, demand full protection against every threat, whether caused by storm, employee neglect or sinister forces with a keyboard.