Get Covered – Cyber Insurance For Small and Medium Sized Businesses
Yes, there’s one more thing you need to worry about as a small- or medium-sized business owner, and it’s not the fact that you could be targeted by cyber criminals.
It’s insurance.
You already know about insurance policies that cover fire or water damage. Now, you need to think about buying insurance that covers you if you fall victim to cyber attack.
It goes by a variety of names – cyber risk insurance or cyber liability insurance coverage, for instance. Whatever it’s called, its purpose is to help a business deal with the costs associated with recovering from a cyber security attack. Believe it or not, those costs can become insurmountable very quickly. You might have to pay to hire a special team of technology experts, new computers, and new software. Your business might have been humming along quite nicely. But, the financial strain of dealing with an attack can put your business over the edge.
Like any insurance, you don’t ever want to have to use the coverage! But, investing in the right policy is definitely worth your time and money.
According to a report by PWC, “cyber crime costs the global economy more than $400 billion a year….” Can you believe that only a third of American businesses have cyber insurance? Most of those companies are larger corporations. I have to tell you, though, that almost half of all phishing attacks are directed toward small- and medium-sized businesses. The criminal element out there in the online world is pretty sure that your security systems are inadequate or non-existent. Take a look. Are they right?
What does it cover?
Insurance policies should be customized according to your business needs. So, sit down with your insurance professional, and don’t sign anything until you’ve discussed all the scenarios. As a general guideline, make sure you at least consider the following:
Investigation. Once your business has been attacked, you’re going to need a tech professional to go back in time to figure out what exactly happened. That team or individual will need to determine exactly what kind of attack your business sustained; what’s been lost; why the breach happened; how the breach happened; and ultimately, how to repair any damage that your business sustained.
Losses. A cyber attack can be as damaging (if not more damaging!) than a physical attack on your property. Ask each insurance company you interview whether the policy will cover these areas:
– errors due to negligence (like if an employee sends a confidential document to the wrong person);
– financial losses due to downtime (you can’t do business if your computers are down);
– data loss recovery (you’ll need a team to recover or redo all those files full of client information);
– repair a damaged reputation (whether the breach was your fault or not, your clients may no longer trust you).
Privacy and communication. Cyber breaches happen. How you deal with them can make the difference between rising up or falling behind. You’ll need an insurance policy that allows you the financial ability to implement a privacy and communications plan. In other words, in this worst case scenario, you will need to pay for the time and resources it takes to send out notifications to clients, conduct increased credit monitoring, follow the data trail so that you know whether your clients’ private data has been compromised or how it might be used.
Lawsuits and extortion. Yes, we have to consider the fact that dealing with a cyber attack may not be your only worry. Your clients may want to sue you, and the cyber criminals may want to extort money from you in exchange for the stolen data. You may also need to hire a team of lawyers, pay a settlement to those affected, or pay regulatory fines.
You see where this is all going. Cyber attacks affect every level of your business.
What can I do?
As I’ve already suggested, sit down with your insurance provider and have a long talk. It’s true that cyber crime is evolving very quickly, and insurance companies have not completely come on board. Regardless, you should be able to purchase a product that serves your needs. If your current insurance provider can’t help you, find one that can.
Look for an insurance provider that will allow you to customize the coverage to your own specific needs. Compare deductibles. Most importantly, ask the insurance provider to let you in on all possible limitations to the policy. The absolute last thing you want is to ask your insurance agent for help in the middle of a crisis and be told that your policy does not cover whatever has happened to you.
Find out if the policy will cover all kinds of attacks whether they are targeted, accidental (like ransomware attacks), or non-malicious (like that confidential file an employee sent to the wrong person).
Impress the insurers.
You should never feel that you are at the mercy of the insurance company. You can control the situation by letting the agent know that you’re shopping around for the best coverage that suits your needs. You should also let the agent know that you can truthfully assess how vulnerable your company is to attack. Tell them what steps you’ve already taken to guard against breaches. You try hard to grow your business. Make sure the insurance company understands that you’re serious about protection and coverage.