As a small business owner, you have worked hard to get to where you are. You have overcome obstacles to build your business. You have achieved a certain measure of success. If you are like most business owners I have met, you are not entirely satisfied with the results of your efforts and are actively seeking to expand your opportunities. Yet, I get many blank looks and head shaking when I question how prepared you are to deal with a cyber-attack or a data breach.
- Do you have the procedures to respond to a ransomware attack or a data breach?
- Do you have the business savvy to handle the repercussions of such an attack on your business?
- Do you have the available capital to handle the effort involved in a cleanup?
- Do you have a cyber liability policy?
I have researched and found reports that more than 30 percent of small businesses do not have procedures to mitigate a known risk that can put them out of business. More importantly, most business owners do not understand what they must do when they become victims of a cyber-attack or data breach.
In the scheme of things, most small business owners are not thinking ahead and building a buffer of financial credit to work through any cyber threat. Many small business owners do not have insurance coverage to help provide resources for a breach or cyber-attack.
Ransomware attacks and data breaches are risks. Those are facts. As a business owner, if either occurs, you will be subjected to significant financial challenges and potential damage to your reputation.
According to Ryan Replogle, an attorney specializing in cybersecurity for Beckman Lawson, a law firm in Fort Wayne, Indiana, “Data thieves routinely exploit human judgment lapses, physical security weaknesses, and business process loopholes to steal sensitive data.”
Does your business create and store personal information about your clients? If so, you need to be alert to the inevitability of some form of data breach. Cybercriminals highly covet records that contain bank account information, credit card numbers, dates of birth, email addresses, or social security numbers. However, you must be especially cautious if you have any health-related information on your computer system. On the dark web, medical records draw a far higher price than credit cards.
The cyber risk assessment and data breach services company NetDiligence issued their 2023 Cyber Claims Study, which analyzed more than 9,000 claims for incidents from 2018 through 2022. They found that the business sectors most affected by data breaches are:
- Professional services
- Healthcare
- Manufacturing
- Financial services
- Retail
Ransomware and business email compromise (BEC) attacks were the leading causes of loss across sectors.
When preparing for – and responding to – a cyber-attack or data breach, it is critical to have comprehensive insurance coverage. Cyber liability insurance generally covers financial losses resulting from data breaches and other cyber events. There are two aspects to these policies:
- First-party coverage applies to losses sustained by your business.
- Third-party coverage applies to claims against your business by people (your clients) affected by your business’s actions or inactions.
Be aware that cyber insurance comes in many forms. I implore you to shop around for your policy and negotiate with your agent for the appropriate coverage for your business. Keep in mind there is no standard form of cyber insurance. While most contain first-party and third-party coverage, the scope varies widely among insurance carriers, as do the monthly premiums.
Getting the right insurance broker is of paramount importance. A qualified specialist broker will save you time determining what is appropriate for your business. I should also note that this may not be the broker you use for other business insurance needs.
An insurance company’s underwriter will want to know about your business’s ability to detect and respond to a data breach or cyber-attack. If you rely on technology for your business, how quickly would you be able to resume your normal operations after an event? Do you have backup plans or any operational redundancy? Appropriate documentation of your business’ procedures is critical to getting the proper coverage.
Insurance carriers want to reduce their expenses however they can. Commensurate with this kind of action is the other side: cyber liability insurance rates are rising rapidly and at almost astronomical levels.
I am investigating a new set of products that combines a multi-layered security suite with cyber insurance coverage. I hope to have a reasonably priced offering available for my small business clients by the third quarter of 2024.
This month’s article is an excerpt from a draft version of my new book, “12 Ways to Protect Your Business from a Cyber Attack.”
Thanks, and safe computing!