Buying Business Owners Policy coverages is a convenient, cost-effective way small businesses manage their risk. A Business Owners Policy (BOP) combines coverage for major property and liability risks. It costs less than buying each insurance coverage separately, and purchasers can often add additional coverages, which may yield more savings.
But, there is a hidden downside that small business owners need to know: Business Owners insurance won’t sufficiently—or sometimes at all—help them meet some of the biggest risks of today’s digital world.
At ProWriters, we take brokers’ fiduciary duty to their clients seriously. You owe them effective, affordable solutions to their insurance needs.
Business Owner Policy coverages won’t be enough when cyber threats strike. Discover below how you can offer coverage that protects your business clients from digital disasters’ costliest outcomes.
What Does a Standard Business Owners Policy (BOP) Cover?
Business Owners Policy insurance usually includes these key coverages:
- Commercial General Liability insurance
Commercial General Liability (CGL) insurance protects from financial loss due to bodily injury or property damage claims. It may also help cover legal defense fees.
- Commercial Property insurance
Commercial Property insurance protects a business’s own property and physical assets—buildings, equipment, inventory, even furniture and physical files—against such risks as fire, natural disaster, vandalism, and theft.
- Business Interruption insurance
Business Interruption insurance replaces income lost due to such events as a fire or a natural disaster. It also covers such costs as fixed operating expenses, temporary relocation, and payroll.
Note that business owner policy coverages don’t include:
- Professional liability insurance
- Auto insurance
- Worker’s compensation
- Health and disability insurance
And BOP insurance doesn’t generally cover losses caused by or costs associated with cyber incidents.
Why Small Business Owners Must Take Cyber Risk Seriously
When cyber events like ransomware attacks or data breaches hit big companies, they make headlines. But 70% of all cyber attacks target small and medium-sized businesses (SMBs). These experiences don’t always get news coverage, but they aren’t any less serious.
- One in five SMBs report having fallen victim to ransomware, according to cyber security company Datto.
- The average small business employee “will receive 350% more social engineering attacks”—for example, phishing emails—”than an employee of a larger enterprise,” according to cloud security company Barracuda.
- Cyber attacks cost U.S. small businesses $25,612 over 12 months on average, according to the Hiscox insurance company.
Statistics like these mean small businesses owners can’t ignore cyber risks.
They also can’t assume BOP insurance will cover the costs cyber incidents bring. These expenses can include:
- Ransomware payments, which are unfortunately often the fastest way to retrieve files and resume operations.
- Loss of income due to business interruption stemming from a hacked website or network.
- Forensic IT investigation to establish whether and how a data breach occurred, and its full extent.
- Payment card industry (PCI) fines for having failed to keep personal data secure.
- Notification and credit monitoring for affected customers, vendors, and other third parties.
Weathering and recovering from a cyber incident isn’t cheap, and BOP insurance won’t cover the costs. Without an adequate cyber insurance policy, small businesses may find themselves up against an existential threat.
The Advantages of a Standalone Cyber Insurance Policy
Some insurance companies offer cyber-related riders or endorsements to their business owner policy coverages. Small business owners, motivated by the understandable desire to streamline their insurance and save money, might consider such add-ons a good solution.
However, these add-ons generally offer only small sublimits. These amounts, ranging from $50,000 to $100,000, aren’t extra coverage, but maximum coverages for a certain kind of loss. The policy will also likely spell out other sublimits within the already small sublimit. In the event of a claim, these sublimits won’t provide nearly enough coverage.
Even worse, BOP insurance cyber riders are designed only for third-party claims. They don’t even begin to cover the first-party costs mentioned earlier. Notification costs alone can run hundreds of dollars per record. A competent cyber forensic investigation will cost between $10,000 and $30,000, conservatively. PCI compliance fees add another $5,000 to $100,000 to a cyber incident’s cost. BOP insurance won’t cover any of these expenses.
Not even the best BOP policy gives small businesses access to top forensic, legal, or public relations vendors to help recovery. It’s also not likely to provide active cyber risk management services, such as scanning, which can reduce vulnerabilities.
In contrast, a strong standalone cyber insurance policy will cover all these costs and more (such as the expense of restoring compromised data and rebuilding a company’s website). It will also provide risk management services, and give small business owners peace of mind.
Educate Your Clients About Their Cyber Insurance Needs
You have every reason to urge the small business owners you serve to buy a cyber insurance policy. Simply put, cyber insurance coverages address major expenses that business owners policy coverages don’t.
If those advantages weren’t reason enough, think about your own liability. Failure to tell clients that their BOP insurance isn’t adequate could put your own errors and omissions policy on the line.
A standalone cyber policy that protects your clients’ business with broad coverage and up to $1,000,000 in limits is likely very affordable for most small businesses.
For help explaining the need and the solutions you can provide, download our free resource, Cyber Exposure: What’s the Real Cost? You can even get it in white-label format to send to clients with your own branding.
It will help you educate your clients about not only the risk but also the cost-effective, comprehensive cyber insurance solutions you can secure for them.