There are a number of reasons businesses may feel they don’t need cyber insurance. Common justifications for putting off finding a cyber policy include:
- We already have business insurance
- We don’t operate a data-centric business with sensitive information
- We are just a small business and wouldn’t be a target
- We already have a cyber security framework and anti-virus
- We are not in the IT business – cyber concerns aren’t relevant
- We can’t afford it
When considering the question, “is cyber insurance worth it,” businesses need to realize that none are immune to cyber attacks, your data is valuable, technology interruptions can be damaging to the bottom line, cyber security measures don’t guarantee the safety of your data, and the fallout from an attack can be devastating.
To learn more about common cyber security misconceptions, read our article on Five Cyber Security Myths.
Contrary to the initial reaction of “we can’t afford it,” the truth is you can’t afford to not have cyber security insurance.
Why Do Businesses Need Cyber Insurance?
Cyber threats come in all shapes and sizes can, and can affect any business. Let the following two examples serve as cautionary tales.
In May 2010, regional engineering and construction company, Golden State Bridge Inc., found itself on the receiving end of a cyber attack. Cyber criminals exploited weak security protocols and deployed malware to acquire online banking credentials. They then used a sophisticated network of money mules to make fraudulent payroll transactions and made off with $125,000 before the company was able to take action.
The Equifax case is an example of an attack with much larger consequences. In May 2017, hackers used security gaps in a customer dispute portal to gain access to 48 Equifax servers containing customer names, social security numbers, birthdates, and addresses. Remaining undetected for months, the criminals were able to steal the personal identifiable information of $147 million Americans. To date, the attack is expected to cost Equifax $600 million in recovery expenses, not to mention $4 billion of lost stock market value.
Cyber crime does not discriminate. The potential negative impacts are as diverse as the threat types—and businesses of any revenue amount or customer base size can be affected.
What’s at Risk?
Cyber criminals may seek to gain access to sensitive information like customer personal information, payment card data, government-protected health information, payroll information, or simply seek a ransom payment for holding your business hostage. Bad actors can also target intellectual property and trade secrets, network user credentials, vendor account information, and banking details.
Recordless claims, in which criminals do not target specific data but rather services and infrastructure, are also increasingly common and costly. These attacks include distributed denial of service (DDoS) attacks, ransomware, social engineering, and wire transfer fraud.
All of these types of cyber incidents can interrupt business, result in legal claims, loss of public trust, and massive financial loss.
What’s the Potential Cost?
Depending on the nature and severity of a data breach, financial costs may vary. When a breach occurs, the costs go beyond simply restoring service and recovering data. Businesses may need to hire crisis consults or a breach coach, they may incur legal penalties or lawsuits, and they will almost certainly suffer from lost business.
Below is a breakdown of the average costs of a breach based on NetDiligence Research.
Breach costs—are only those associated with the event and reported by the insurer.
Average cost for small and medium enterprises (SME): $178K
Average cost for large enterprises: $5.6M
Crisis services costs—expenses associated with responding to the breach including breach coach counsel, forensic investigation, customer notification, credit/ID monitoring, and public relations.
Average cost for SMEs: $112K
Average cost for large enterprises: $3.8M
Legal costs—regulatory and legal expenses including lawsuit defense, lawsuit settlement, regulatory action defense, and regulatory fines.
Average cost for SMEs: $181K
Average cost for large enterprises: $2.2M
Lost business costs—is income lost due to the suspension of service.
Average cost for SMEs: $343K
(Data was not available for large enterprises.)
Unfortunately, during the months and years after a breach, costs may continue to grow as those affected take legal action and penalties are imposed.
What to Look for in a Cyber Insurance Partner
The cost of a cyber breach can bring your business to its knees. In fact, many businesses fold in the wake of a cyber attack. That’s why it’s so important to partner with a cyber security vendor that can help you select the right insurance to cover your unique business and data needs.
The type of coverage a business requires will differ based on the nature of their work, the type of data they possess, and the partners they work with. Choosing the right cyber insurance provider and policy can be a difficult process. Here are some questions to help get you started:
- What are my digital vulnerabilities?
- Do I share data with partners that would require third-party liability coverage?
- Do I need a policy that covers business interruption and reputation harm?
- Does the policy include crisis mitigation and incident response?
- Does the policy cover cyber extortion? Digital asset damage?
- Does the policy cover legal expenses, regulatory penalties, customer notification, and PR costs?
Working with ProWriters
At ProWriters, we leverage 20 years of industry experience to help agents and customers evaluate their cyber exposures and find a policy that covers those risks. What’s more, our proprietary Cyber IQ Comparative tool enables brokers to compare competing policies side-by-side online with ease.
In addition to helping our partners select the right cyber insurance plan, all insureds and agents have access to our industry leading risk management and loss prevention services.
To learn more about working with ProWriters, talk with one of our experts today.