In today’s online-driven world, it’s no surprise that securing sensitive information is essential. Just like you cover your small business for other possible risks (property damage, theft, injury, etc.) so should you also be thinking of how to keep your business safe from virtual attacks.
And lest you immediately think: But Janet – my business is completely different! Well, read on.
Data breaches are rampant these days (In fact the IRS just had one. Yikes!). So, it just makes good sense to put protocols into place to prepare.
And there is one specific way to prepare that I want to talk about today.
Now, with the 3rd quarter estimated tax deadline around the very near corner (9/15) as well as the corporate deadline.
And to continue looking out for you, I’d also like to get into what you can do to pad your business in terms of protecting your technological assets… specifically, a little something called cyber insurance.
Why Your Business Needs Cyber Insurance
“Passwords are like underwear: You don’t let people see it, you should change it very often and you shouldn’t share it with strangers.” – Chris Pirillo
The computers suddenly slow to a crawl. Customers start complaining they’re getting nonsense emails from your address. Out of nowhere, your system is telling all your employees to reset their password. And the biggie: You try to open a file and are told in big letters they’re now ENCRYPTED.
Congratulations: You’ve most likely been cyberattacked. What started in recent years with headline breaches of big boys like Facebook, Yahoo, Uber, and Target has become so common now that a whole industry has grown up to insure companies against these hackings.
What is cyberattack insurance – and how do you shop for it?
What have you got to lose?
Maybe it’s been a while since a household name in this country was cyberattacked, but maybe that’s also because the attacks are getting routine. Toward the end of last year, 1 in every 61 organizations the world over was hit by ransomware each week. The U.S. remains a top target.
What does the insurance industry think of this, well, mess? As you probably know, with business insurance, “exposures” translates into how often a business is susceptible to risks that can cause loss and in turn affect premiums. In terms of cyberattack, do you have a lot of customer data? A breach in that case could mean big liability to an insurance provider.
You should start your insurance shopping by assessing what the insurer’s going to have to pay for if you’re breached. How is your data stored? If electronically, how’s the security of your system? Do you use a cloud provider?
How do you back up your files? How often? Where are the backups kept? Do your employees take laptops out of the office? (That last one’s very common – and some companies don’t think about it until it’s too late.)
The average small business has to pay well into the five figures to recover from a cyberattack – if not more.
What you’re shopping for
Your standard business liability insurance either doesn’t protect you at all in the event of a cyberattack or gives you only barebones coverage. Not enough.
Cyber insurance generally comes as either first-party coverage (which helps you get your own network and systems back) or third-party coverage (to help clients, customers and partners hurt by the attack on your system).
Your policy should cover data breaches, cyberattacks, ransomware extortion, and terrorist acts. You should also see if the carrier will defend you in a lawsuit or regulatory investigation (look for “duty to defend” in the fine print) or provide coverage that exceeds other insurance you have.
Coverage usually addresses:
Loss of data. Your business policy typically covers your computer equipment but not the information that the equipment contains… Data that these days is even more important to keep your company running.
Business interruption. Ransomware hackers love to freeze computer systems. How much money would you lose if you were dead in the water for a day? A week? A month?
Investigation and notification costs. Depending on your industry, various federal and state laws require you to notify customers of data breaches. (You may even have to comply with the laws of every state where your customers live.) And you’re almost certainly going to need an outside cyber-forensic expert to drill down into what happened. Insurance can also help pay any fines or penalties you get hit with.
Legal costs. Expert counsel is key – and often expensive – in this field of liability.
PR costs. Brand rebuilding is pricey – and your reputation may need some TLC after your cyberattack hits the news.
Cyber insurance runs about fifteen hundred bucks a year, but the devil is in such details as your type and size of business and of course the deductible, among many others.
Whose market is it, anyway?
As cybercrooks evolve and get craftier (latest scam: bogus offers of COVID training for employees), insurance carriers are getting pickier about who and what they’ll cover. Carriers – including Lloyd’s of London – are growing increasingly wary of policies for protection from state-sponsored hacking.
Typically, carriers also won’t cover you if you have clear holes in your security before a breach occurs. They also often won’t reimburse you for future profits you lose from a cyberattack or even the costs of fortifying your systems against attacks down the road.
Ask about “social engineering” attack coverage. This is when your employees follow instructions from fraudulent emails or other electronic communication. It’s technically not a system breach, so you’ll probably need a special rider to cover it.
Your other questions for carriers:
- What’s your experience in my industry?
- Do you have a cyberattack hotline?
- What coverage do you plan to offer for incidents of international cyberwar?
- Can you help advise my company before an attack?
- Do you have other policyholders I could speak with?
While it seems you’re paying for every kind of insurance for your business, this is most certainly one you’ll want to have if you don’t have it already.
Protecting your business and your customers from cyber-thieves is something you need to account for in 2022 and ahead.
BE THE ROAR not the echo®