Cyber Insurance 101
Have you been thinking of buying cyber insurance? Not sure what’s covered? Does your insurance agent make it sound important, but you don’t think it really applies to your business?
If those questions sound like they may apply to you, then this video is for you. I’m going to approach cyber insurance from a different perspective than most insurance brokers do. And, I’m going to try and explain it in terms that are relative to your world and circumstances.
Okay, cyber insurance. A relatively new form of coverage that everyone says you need, but you’re not convinced it’s all that important. I get it because most of the facts and statistics quoted in videos, blog posts, and articles talk about huge breaches or hacks at major firms or huge costs or events that had widespread impacts like the Colonial Pipeline hack earlier this year.
I’m going to try and explain Cyber Insurance in plain English from one business owner to another.
Let’s start with your data, your information, your systems that you have in your business. It doesn’t matter if you’re a physician, or if own an auto body shop or your firm is a small distributor or manufacturer. Just about every business manages their business operations with a computer or network of computers. Right
What would happen if one day your computers and the data in those computers just didn’t work? Meaning the systems were hacked, seized, or data was stolen or a virus had rendered your systems unusable? Cyber Insurance 101.
It would probably make conducting your business difficult or maybe even impossible. On top of the fact that you can’t run your business, you’re going to have a panic attack not knowing what to do next. Right?
Who do you call to fix that problem? Who is going to pay for the downtime now that you can’t operate at full capacity? What impact will this have on your customers, clients, or patients > meaning what if people show up for appointments or call you and need assistance and you can’t do anything because you can’t access their records?
Let’s say this goes on for days – or even weeks? Now what?
Let’s take it a step further and say that all your customer records were stolen and put up for sale on the dark web? By the way, this happens hundreds of times a day in the U.S. How would you comply with the mandatory response to notify all these customers? How would you pay for that response now that you’re effectively out of business until you restore your systems?
Taking another step forward and a few months down the road you receive a lawsuit from one or more customers claiming that you failed to keep their private information safe – and for clarification private information can be as simple as a name, address, phone, and email address. The demand in that lawsuit is for hundreds of thousands of dollars.
Okay, so I’ve painted a worst-case scenario of how the dominos can fall in a cyber event. The cascading events from a breach all the way to a lawsuit create tremendous disruption in the lives of business owners.
It’s not only emotionally upsetting because some stranger halfway around the world has infiltrated your network – you feel violated and threatened. You’re now thrown into a world you never thought you’d need to deal with – like having to notify all your customers of a breach, possible lawsuits, downed systems, data corruption, reputation damage, and the potential damages goes on… AND, this is all going on while you’re still trying to run a business, make a living, and grow your company!
The bottom line is that there are potentially hundreds of possible scenarios that a cyber event, hack, breach, or attack can have on your business and all of them spell trouble in the form of costs and damages that will lead to the loss of customers, revenue, and potentially trigger a bankruptcy. Yes, bankruptcy – 60% of small firms that suffer a cyber attack without insurance go bankrupt within 6 months of an event, it’s that serious.
Now I know a lot of decision-makers are thinking or would say something like:
- I have full backups of all my data.
- My system security is top-notch,
- or it’s not going to happen to me.
Those statements could be true. But no one is 100% safe or secure.
Here’s my perspective Cyber Insurance 101.
You purchase general liability insurance because of the unknown risk of someone slipping and falling in your premises and suing you for hundreds of thousands or millions of dollars. Or you purchase insurance on your business property because of the unknown potential for a fire to occur and destroy that property.
Cyber is one of the only risks you can purchase insurance for that has an almost certainty of happening in the next three years, statistically speaking.
As I just tried to run through, the costs associated with a cyber event can be pretty extreme.
Could your firm afford $100,000 to $400,000 out of pocket for a cyber event? That’s the average range of expenses a small business pays for a cyber event.
Or would it make sense to insure that possible (but very real risk) for say $1,500 to $3,500 in premium? That’s what we typically see in the range of premiums for small firms – larger companies over $10M in revenue have premiums in the $5,000 to $10,000 premium range.
I’d be happy to run a customized cyber insurance proposal for you to see what the exact cost would be.
The point is that I don’t know if your business will ever suffer a fire or a liability lawsuit which you probably have insurance for. You trade a few dollars in premium with an insurance company to pay for the damages you may suffer in the future if an event occurs.
But, statistically speaking you have a very strong potential of a cyber event occurring in the next three years. That event could cost you anywhere from a few dollars to millions of dollars. You just don’t know until it happens. Cyber insurance is going to do two things for you when that event occurs.
First, it’s going to be an expert resource to pick up the phone regardless of the time or day it happens to you, to tell you what steps you need to take to stop the threat and to begin recovering from it. Regardless if it’s a ransomware event or a garden variety hack. That resource is also going to help you coordinate your legal defenses, crisis management, digital forensics, and every other step mandated by law and good business practices.
The second thing cyber insurance 101 is going to do is to help you fund your recovery from lost business income, to the cost of hiring experts to remediate the threat, to paying for defense lawyers and possible settlements if you get sued for a data breach.
The same theory holds true. You trade a few dollars today with an insurance company so that if a cyber event occurs in the future, they will be there to help remediate the costs, threats, and damages which can easily and quickly reach into the 6 to 7 figure range.
Thanks for reading this post or watching this video, my name is Gordon Coyle and if you’re looking for help on cyber insurance, give me a call and let’s chat. No pressure, no sales gimmicks just some conversation to see if I can help you and if we might be a good fit for your business insurance needs. Click the button below to get started. Thanks!