Cybersecurity Insurance: Are small businesses vulnerable to hacking?

A data breach is nothing to joke about. According to the Ponemon Institute’s Cost of Data Breach Survey, the average organizational cost of a data breach was $3.8 million in 2019. Imagine the damages a data breach could cause a business, especially a small business. It is a common misconception that small businesses will never be hacked because of their size, that they are not appealing to criminals; however, no company is immune to data breach. Small businesses are even sometimes seen as easy targets of data breaches and cyber-attacks.

A few eye opening numbers:

• 43% of cyber-attacks are targeted at small businesses
• IoT attacks were up by 600% in 2017
• 91% of attacks launch with a phishing email
• In most cases, it takes companies 6 months to detect a data breach
• The global cost of online crime is expected to reach $6 Trillion by 2021

As we all know, computers have become an imperative part of operating a business, big or small. Computers, along with the internet and smartphones, are also one of the easiest means for criminals or unauthorized individuals to get a hold of data and/or shut your business down if they hack in. Many businesses attempt to prevent this from occurring by using firewalls and other safeguards, but unfortunately, regardless of the precautions one takes to safeguard information and materials, a data breach can still take place.

A common fallacy believed by business owners, especially those of small businesses, is that the damages caused by the media or by the lawsuits from clients is covered under their Business Insurance policy. This is incorrect. Unless you have purchased a Cyber Risk policy, you will have no coverage. Take a moment and review your Business Owners policy or your General Liability policy. Pay attention to the exclusions section, you will see that cyber/data breaches are not covered by these types of policies.

So, what should you do to prevent something like this from happening to you? Purchase a Cyber Risk policy. Possible exposures covered by one of these policies may include:

• Data Breach
• Intellectual property rights
• Damages to a third-party system
• System failure
• Cyber extortion
• Business interruption
• Wire fraud

The cost for a policy like this will depend on your revenue and how you protect your data from being hacked. For most small businesses, you can protect your business with a Cyber Risk policy for less than $150 per month. For a larger business with multiple employees and thousands of records, the cost will increase because the exposure increases.

In addition to purchasing a Cyber Risk policy, there are other cost-effective steps you can take to prevent data breaches from happening to you:

• Train employees in cyber security principles.
• Install, use and regularly update antivirus and antispyware software on every computer used in your business.
• Use a firewall for your internet connection.
• Download and install software updates for your operating systems and applications as they become available.
• Have backup copies of important business data and information.
• Control physical access to your computers and network components.
• Secure all Wi-Fi networks and if you have a Wi-Fi network for your workplace, make sure it is secure and hidden.
• Require individual user accounts for each employee.
• Limit employee access to data and information, and limit authority to install software.
• Regularly change passwords.

In addition to the listed tips above, the Federal Communications Commission (FCC) provides a great tool for small business where you can create and save a custom cyber security plan. It allows you to choose from a menu of expert advice to address the specific needs and concerns for your business. It can be found at www.fcc.gov/cyberplanner.

As a business owner, we recommend you are proactive and take action now by researching this topic and the laws of your state, and learn how to safeguard your company. It is vital that you protect your business from data breaches and cyber-attacks. The chance of something like this happening to you should be taken very seriously and all possible avenues of prevention should be utilized. Talk to an insurance provider today about purchasing a Cyber Risk policy for the safety of your business.