An alarming number of data breaches and cyberattacks have occurred in the past several years, thanks to a global pandemic and various other factors. More precisely, cyberattacks have increased by 27% compared to 2020, with phishing and ransomware leading the way.
As a result, all businesses — from startups to worldwide enterprises — must guard against these threats more vigilantly than ever. Unsurprisingly, cyber liability insurance has transformed from a coverage option to a must-have policy. Still, many startups have gaps in their cyber insurance, leaving them exposed and unprotected. Let’s review some of these gaps and how to avoid them.
1. Low limits
Modern-day cybercriminals execute sophisticated, multitiered attacks, costing companies an average of $4 million in the U.S. However, many entrepreneurs and startup leaders opt for no cyber insurance whatsoever. So, when a cyberattack occurs, they foot the recovery bill. Naturally, navigating such an adverse financial outcome often results in businesses failing to develop past the early stages.
On another note, other startups purchase a cyber liability policy with blind optimism, choosing limits of $1 million or less. But limits this low don’t usually cover a cyberattack’s average cost. Remember, insurance limits are adjustable. As an entrepreneur, you don’t have to settle for the first or cheapest insurance quote handed to you.
According to Inc., roughly 60% of small businesses shutter after a data breach. These businesses likely didn’t have adequate limits to cover the financial impact — a common gap. So, aligning your cyber insurance limits with your needs is imperative to avoid folding.
2. Vulnerable supply chains
COVID-19 disrupted the flow of goods and materials significantly, despite ushering in new demands for various products and services. Strangely enough, some industries were impacted adversely, while others didn’t feel the sting as severely.
However, most company leaders learned quickly that cybersecurity issues affect supply chains. The impact trickles down throughout the entire company, making resilience critical for the future.
As a result, entrepreneurs bouncing back from the global pandemic’s hit must examine their supply chain. Do you regularly assess your vendor’s security levels? How vulnerable is your vendor to cyberattacks? What impact would it have on your company if a supplier experienced an attack?
According to EY, here’s the good news: there’s a shift from linear supply chains to more integrated networks. This approach connects more players and strengthens cybersecurity — both advantageous for more intelligent risk management. In examining your cybersecurity strategy, remember to factor in your supply chain players.
3. Inadequate cybersecurity
If you’re like most businesses, a breach of personally identifiable information (PII) is the most feared threat. However, plenty more cyberattacks could damage your company, such as malware, phishing, ransomware, etc. Consider that 50% of businesses experienced an attempted attack on their software this year; however, a breach of PII only impacted 20% of companies.
Here’s the thing; many startups don’t focus on the most significant cyber threats — or any at all. Knowing your enemy is critical. Startups must conduct regular searches to help identify potential hazards and weak links in systems. A growing number of insurers require businesses to follow various best cybersecurity practices to place cyber policies.
Unfortunately, many startups would be unprofitable if just one of their critical systems experienced an attack. Even the slightest blip in profitability can stalemate a startup financially. One of the biggest gaps in cyber insurance is being lax with data protection applications, so do what you can to avoid this oversight.
4. No recovery plan
Many startups have adequate coverage but lack a solid recovery plan, which creates a unique gap in their cyber liability insurance. Cyber insurance payouts should have a specific purpose: to support recovery. Without a plan, the clean-up of a cyber attack is often more scattershot than anything.
In assessing your cybersecurity, consider that it’s not if you encounter an attack; it’s when. But cyberattacks don’t have to be detrimental or close the doors of your business for good. Still, it’s time to think about how you will navigate an attack on your systems.
Recovering from an attack means taking deliberate actions to mitigate the damage. So, how will you inform clients? Can you stop all operations to locate the virus? How will you make up for the damage and prevent additional data loss? Can you afford legal counsel to protect your clients and professional reputation? Proper payout allocation makes for a quicker recovery, so take the time now to plan.
5. Media-influenced decisions
Entrepreneurs tend to be fantastic networkers, surrounding themselves with knowledgeable individuals online and in-person. You’ve likely relied on this strategy a time or two. While this strategy is stellar, it comes with a handful of pitfalls.
For example, headlines don’t reveal the most significant cybersecurity threats to your business, nor do real-life stories from your competitors. While this information provides a clue into what to watch, it doesn’t give you the complete picture.
It’s easy to get caught up in the buzz of what’s happening to others. However, as a business leader, you must customize your cyber insurance policy to your needs, not trends. Knowing how to protect your company requires insight into your specific vulnerabilities, and identifying these means taking a hard look at your particular situation.
How to customize your cyber insurance
The first step in customizing your cyber liability insurance is to purchase the policy. Often, this decision snowballs into developing a more robust cyber risk management plan. Every business story has a beginning, after all.
Naturally, a reputable commercial insurance broker who’s familiar with your industry can help you build an insurance program that suits your needs. And customizing your cyber insurance comes next.
Understand that insurers offer plans to cover data breaches, but that’s not the end game. Consider your business’s vulnerabilities and start customizing using that information. Cybercriminals now launch massive ransomware and malware attacks, so you must stay up-to-date on the newest cyber trends.
Cyber liability insurance isn’t one-size-fits-all, and each startup requires a different approach to data protection. Know your company and industry top to bottom, and build a cyber policy that works as hard for you as you work for your business.
Originally published Jan. 11, 2022.