Cyber Insurance Explained
- What is cyber insurance?
- What does it cover?
- Who needs it?
- Should I buy it?
These are not just questions, but crucial considerations for every business owner. In this article, we’ll delve into the importance of cyber insurance and why it’s a must-have for every small business.
It’s a common occurrence in my conversations with business owners. When I broach the topic of cyber insurance, the response is often a surprised ‘I never heard of that before.’ This reaction never fails to shock me, considering the importance of this type of insurance.
As someone deeply involved in the insurance business, I often assume that everyone is aware of the importance of cyber insurance. However, the reality is that this crucial coverage is not widely known. In this video, I aim to shed light on the significance of cyber insurance and why I believe it’s a necessity for every small business.
Hi, I’m Gordon Coyle; welcome to our blog! If I don’t answer the question on your mind that brought you to this article, reach out, and let’s connect. I’d love to hear from you.
Okay, so let’s start with:
What cyber insurance is and what it covers.
Cyber insurance, also called cyber liability insurance or cyber security insurance, is a unique form of coverage designed to protect a company from three major threats posed by hackers and other malicious vectors.
The first coverage part is for potential lawsuits and other mandated costs you would have to pay when your data, including your customers’ private information, is breached. This is known as Third-Party coverage.
An example of a breach is when hackers gain access to a company’s network – and believe it or not, that happens an estimated 2,300 times a day in the US – and that hacker steals private information that they’ll try and sell on the dark web, or use themselves for nefarious purposes.
When a breach like this happens, several expensive issues get triggered:
- Notification of all the record holders—these are the customers and vendors in that network whose data may have been exposed.
- Investigation and remediation of the systems to prevent further breaches.
- Restoration of data that may have been damaged or destroyed.
- Legal costs incurred to comply with notifications and other issues.
- Expensive lawsuits that will allege a failure of the company to keep private information safe.
Depending on the number of records potentially breached, these events can cost a company five figures or more and result in millions of dollars in expense and loss. Without cyber coverage, a company is out of pocket since most other business policies don’t cover these types of claims.
The second coverage part is first-party coverage, which refers to costs you directly incur from cyber-related events. Today, this is where most of the claim action is happening.
Ransomware….
Ransomware is the big deal here. A ransomware event occurs when an employee accidentally opens a malicious file or clicks a malicious link in an email, and malware—which is essentially a virus—explodes in your network and seizes control of it.
Ransomware attacks occur almost 2 million times a day. They can happen in a three-person firm that doesn’t have a server as easily as they can in a large manufacturing plant with 1,000 employees that houses servers and cloud servers.
It doesn’t matter what type of computer infrastructure you have—if your computers are connected in some way, shape, or form, this virus will infect all the computers, servers, and other devices attached to that system and hold them hostage until a ransom is paid.
Ransoms can be tens of thousands to millions of dollars and usually scale with the size of the business and the number of users.
The actual ransom isn’t the end of the costs in these types of claims. Forensics, legal, IT, business interruption, reputational damages, downtime, and more all roll up to big numbers that most cyber policies will pay for. Without cyber insurance, you’re paying these costs out of pocket, and they can be substantial.
The final coverage part of a cyber policy is cybercrime coverage.
Social engineering, fraudulent funds transfer, etc., are covered here, and hackers are also hammering this area right now. You’ve heard stories about cybercrime, or may have a friend or associate who’s been tricked by an email, text, or Teams message that purports to be from a decision maker in the company, asking the bookkeeper or CFO to wire funds to an account they think is legit but is, in fact, fake. The hacker gets away with hundreds of thousands of dollars from the company.
This continues to happen at an alarming rate even though most of us “know better.” Hackers perpetrating this scheme are now deploying AI to make their work easier and faster so they can trick ten times as many businesses as before.
So, I’ve identified the three coverage parts of a policy and what they cover, but that’s not really the most important part of this discussion. In my opinion, the most important thing a cyber policy does is provide you with an emergency hotline when something bad happens.
Think about it. What would you do if hackers suddenly took over your e-commerce store in the middle of the night?
Who Would You Call?
If you’re a mid-sized business and your network was suddenly taken hostage, what would you do?
If you were any type of business, any size business, and suddenly found yourself unable to sell your product, service your customer or client, or there was a security breach threatening your company, what would you do?
Or, your bookkeeper just wired $200,000 to a fraudulent account. What would you do? Who would you call?
This is a serious question: who would you call to start unraveling these problems?
The next question is: How would you pay for those experts to recover your business? If there’s a six-figure ransom demand, how would you come up with the cash to pay for it? How would you negotiate with the hacker? How would you recover?
In a nutshell, this is what a cyber policy does – it provides you the knowledge, resources, and money to recover from an event that happens millions of times a day in the US to businesses of all sizes.
These events are not rare, not far-flung, and do not only happen to big corporations. They arise with more frequency than you can imagine and happen mostly to small and medium-sized businesses because they are easier to infiltrate than Fortune 500 firms.
Is Cyber Insurance worth buying?
To answer that, you probably need to know ….
What it costs.
For many small businesses, we’re talking about premiums in the $1,500 ballpark. For larger firms, as an example, I just quoted a company doing $75M a year in sales, and the cost for a robust cyber policy was under $15,000—yeah, that’s a big premium, but it represented less than 10% of that company’s spending on all its insurance policies, so it’s not outrageous.
The point is that the downside to not having this type of coverage is potentially catastrophic – the sort of thing that could quickly put the average business out of business. So, you’ve got to ask yourself a couple of questions if you’re a business owner or leader:
- Are you sure you have cyber insurance? Don’t assume anything here.
- Do you know the breadth and scope of coverage?
- Do you know the limitations or exclusions in your coverage?
- If your network was seized today, who would you call to report that event? Or is your policy locked up in your email account?
If you’re not sure you’ve got the proper protection, then maybe it’s time to find out. Contact me and let’s chat. I’ll review the policies you may already have and offer advice on how to improve them or get the proper coverage. There is no obligation—just some friendly advice because I think this is such an important issue for businesses of all sizes.
To connect, please click the Let’s Chat button in the top right corner of your screen. I promise no heavy-duty sales nonsense or aggressive tactics on the phone. We’re here to help you get the right protection.