As an insurance broker, I have often found small and medium-sized business owners very reluctant to purchase cyber insurance, even though the cyber-related risk seems very apparent. So I found a recent study published by Chubb Insurance, on why decision makers may think cyber protection is unnecessary, interesting.
The majority of respondents in this survey are privately held companies with 25 to 250 employees across a variety of industries, so these are the very people I speak to often about cyber risk and risk management in general. Of the 600 firms surveyed, here are the top reasons why these decision makers haven’t purchased Cyber Liability Insurance:
- 40% of respondents have not experienced a cyber-related incident in the past year.
- 27% of respondents believed that other business insurance covered cyber-related claims.
- 24% of respondents have company policies or procedures in place to prevent cyber exposures.
- 20% of the respondents did not purchase cyber coverage because they were not required to purchase protection by law or contract.
Look, I get it; no one wants to spend more for insurance than they did the prior year. Expanding insurance budgets are not popular with decision makers – insurance doesn’t add to top line growth, or facilitate expansion – it’s purely an expense, so I totally understand the thought process here. But what I don’t think is really understood is how expensive a cyber-related claim can be and, on the flip side of that, how inexpensive cyber insurance is. Over the past six months we have quoted several cyber policies in this market segment, and the average premium is around $4,000 and represents less than 3% of a firm’s total insurance spend. Those figures are just an average, but the key point is that cyber is pretty inexpensive right now and getting a premium indication could be very revealing.
Now, here’s how I would respond to business owners who gave each of the top 4 reasons for not buying coverage:
- If you’re waiting for a cyber event to happen before you think it’s worth the expense of insurance, let me tell you that the average event is going to cost about $117,000 according to Kaspersky Lab. In addition, two thirds of attacks are now focused on the SME marketplace. Hackers are focusing more attention on the “small fish” because they don’t have the resources to combat intrusions like larger firms do. I don’t understand the reasoning here of not buying insurance for a risk that hasn’t hit the decision maker yet. Business owners buy property and liability insurance when they’ve not had a fire or experienced a lawsuit, so why is there such reluctance to purchase cyber insurance?
- Unfortunately your general liability, umbrella and property policies will not cover cyber-related claims, so this reason is more of a misunderstanding, which I’ll blame on the insurance industry for doing a poor job of educating clients. Now, the exception to this is that some business owner’s policies for small businesses can be endorsed to include some limited cyber insurance, but it may not include full cyber protection or remediation services following a breach, so careful examination of coverage is required.
- Minimizing risk through policies and procedures is important and worth the effort. Yet when humans are involved, errors will certainly occur which have the ability to expose your network to breach, ransom, or damage. Insurance becomes the backstop to financial ruin if an employee unwittingly clicks a link or opens a file which wreaks havoc on your systems.
- Most forms of insurance are mandated, either by the government – as is the case with workers’ compensation insurance and auto insurance – or by contract, such as liability coverage when working for others or leasing space, or property insurance when taking out a mortgage. Cyber is often not required by contract, but that doesn’t make it less important.
The simple fact is that the risks you face when it comes to cyber are growing not only in frequency, but also in severity. This is a problem that’s not going away. Taking the right steps to secure your network, educate your users, and shield you from potential liabilities is critically important. Backstopping these safeguards with insurance is just as critical, to provide you the financial and technical resources when something does go wrong. Obtaining protection today is easier than it’s ever been. Want to find out roughly what cyber insurance would cost you? Drop me an email or give me a call and answer 3 basic questions and I’ll let you know. It’s that simple!