Does my Small Business really need Cyber Insurance?

cyber insuranceDoes my Small Business really need Cyber Insurance?

I get this question a lot from small business owners. 

I get it.

You’re used to spending a certain amount on business insurance every year, and to increase that by, say, $2,500 or more to buy cyber insurance may be a big lift. 



So, let me take a minute and explain why most small businesses really do need cyber insurance. 

First, if you have data – any data that you feel has value.  When I say “value” I mean that it would impair your ability to run your business if you didn’t have that data tomorrow.   Pretty simple.

It could be as basic as your customer list, your billing platform, your marketing, and your sales CRM system, or it could be as complex as your financial and accounting system or your entire data management system. 

Now, if that data is held hostage, or destroyed, or exfiltrated – meaning some sensitive information is stolen, what would you do? 

Let’s break it down a bit. 

What do I mean by “held hostage?”

This is what happens in a ransomware attack – hackers seize control of your network or a single computer, and you can’t get access to it until you pay a ransom.  Even after paying the ransom, you still may not get your data back. 

When I say destroyed, data can be destroyed by an outside hacker, a malicious employee inside your organization, or through a simple error made by an employee without the intent of malice.   

Lastly, exfiltrated data or data that is stolen and sold on the dark web. 

All three of these situations pose different problems and complexities to unravel. Still, the common thread is that they have the potential to cost you time and money, two precious resources that most small business owners don’t already have enough of. 

Now, I’ve had a lot of clients and prospects tell me: ”my data security is bulletproof” or “I have perfect backups.” 

My answer is that’s great!  But even the most secure systems have been breached, including the department of defense and most major banks.   

I’ve also heard things like: “I’m a small business – no hacker really wants my data or will target me.

This is not only false, but more so, it’s a misunderstanding of how attacks take place.  While it’s true that some targets like big retailers, banks, and other financial institutions are juicy targets for hackers, the fact is that many forms of cyber-attacks are conducted randomly – meaning that hackers send millions of emails out with malware in links knowing that someone will click them.  It doesn’t matter if you have 1 employee or 1,000 employees; to hackers, this is a business, and everyone is their potential customer.  


So, I don’t really believe anyone is bulletproof or too small to be hit with some form of an attack—which further points to the need for cyber insurance. 

The purpose of cyber insurance is to bring you two things in the event of a claim.

  1. The first is expert resources to help you recover quickly from a breach, attack, hack, or event. 
  2. The second is a bucket of money to help you pay for the expenses to recover from a breach, attack, hack, or event. 

The bottom line is that if you own property, whether it’s office contents or buildings – you probably insure it – you never know if a fire will strike your business.  You probably have liability insurance to protect you from lawsuits because you never know if someone will slip and fall and sue you.   

Cyber risk is another exposure that you really can’t afford to not insure, in my opinion.  The frequency of claims which occur today is far and away greater than fire, theft, or any other property claims, and probably ten times as frequent as liability lawsuits. 

Here’s the bottom line, if you haven’t purchased cyber insurance yet, get a quote. 

Talk to your broker or me about it.  

Think about the value of your data and the time, energy, and hassle that you will spend if you do get hacked.  And worse, what it could cost you out of pocket for remediating a cyber claim – even for small businesses, you’re talking about tens of thousands for minor events and hundreds of thousands for most cyber events. 

In my opinion, going without cyber insurance and going through a claim alone doesn’t make any sense – that isn’t very comforting.  And, I think you’d be surprised at how affordable and broad cyber insurance is. 

Click the link below to get started!

Leave a Comment