We see cyber attacks happening every day in our insurance and investigative industries. Here’s an article in the Wall Street Journal that describes this even more. This is displaying where small businesses are now seeing an uptick in cyber attacks and the reason why is because a lot of hackers are seeing them as soft targets. Many small businesses don’t have the budgets to put in place a lot of security prevention. So what happens? They become bigger targets because they don’t believe they’re targets so they don’t make security a priority, according to the article.
Cyber attacks are becoming more common for these businesses. They’re not prepared for it and the hackers know it. So they’re looking at them like they’re an easy target. Small businesses are also more willing to pay, even smaller amounts very quickly. How much more? Well, small businesses were attacked at twice the rate of larger organizations. This is from a cyber expert at MasterCard. Data breaches in small businesses jumped 152% compared to the prior two years. Many small businesses are more focused on keeping their heads above water with the pandemic, finding help, supply chain, and inflation so they’re not going to focus a lot of attention on cybersecurity.
Here’s the key: businesses are aware of the threat but don’t realize they aren’t insured against it. Many small businesses incorrectly still expect to be covered under their property and liability policies where there are exclusions for this. So make sure you get with your insurance broker or your agent or look into cyber protection. Usually, a standalone policy is what you’re going to end up having. The side effect of that is if you sign up for cyber insurance from some company, they’re also going to give you a lot of free resources to prevent an attack in the first place. Because even if you have insurance you don’t want to have an attack. It’s kind of like if you have fire insurance that doesn’t mean you want your building to burn down. It’s still going to be a hassle if you have an attack so you want to avoid it. According to the insurance industry, commercial business insurance tends to exclude items like legal fees for an attack costs of repairing infrastructure, and other expenses from a cyber event.
So what happens if you have insurance? For example, an aluminum manufacturing company in Florida had cyber insurance that covered a ransomware attack. The insurance company dispatched experts quickly to determine that the attackers had not compromised sensitive information. Aware that nothing had been compromised, the company owner was able to rely on the backup and rejected the attacker’s ransom demand of $2.4 million in Bitcoin. The insurance company paid a claim of 180,000 to pay attorney’s fees, hard drive replacement, forensics experts, and the cost of new software. Let’s review the other one. A company in Maine had $250,000 stolen from it. It cost them $218,000, and their insurance company which was not a cyber company paid a little bit, but they lost a few years of their lives, $200,000, and a whole lot of aggravation.
What about the market? Is it available? Well, cyber insurance is a good thing to have but it’s becoming more difficult to obtain. Pricing for the policies has gone up 10-15% annually. However, many renewed policies don’t have the same increase as if you just buy a new policy. The reason why is, if you have an existing policy you’re known to be a certain type of risk. You’re known to have certain procedures. More small businesses on a percentage basis are being turned down due to tightening underwriting requirements.
What are those requirements? Companies may now be required to have multi-factor authentication as well as vendors and third parties to make sure that they’re safe. Multi-factor authentication reduces the risk. Insurers may also require small businesses to encrypt backup data and have a response plan. Well here’s the thing, if you put all that in place first and then apply for insurance, you’re more likely to get a good policy from a good company at a lower price.
What kind of companies do you want to look for? Small businesses may be able to skip some underwriting requirements by purchasing a policy from a technology company that sells insurance rather than an insurance company that sells cyber. That’s called an InsureTech. They automate underwriting by using artificial intelligence that pings your computers and pings all your servers to see what your risk is, and they know how to write the policy accordingly.
You’re probably going to be required to regularly improve your cybersecurity as a condition for maintaining coverage. That’s going to help you, but it’s also a burden. If you get a policy from an InsureTech you’re going to be required to constantly be reviewing your cyber security policies, because if you don’t, the risk goes up for a cyber attack which means your insurance company is more on the hook. This is an excellent review of what’s going on with cyber insurance. You don’t want to be like this person here who lost $200,000. For many small businesses, $200,000 could make or break. So you want to have the right kind of policy. Well, how much did they cost? We quote policies all the time for small and medium-sized companies that you know are a hundred something dollars a month are not that big a deal, but you have to make sure that you abide by the guidelines of your insurer to make sure you’re using best practices for your cyber protection.
Looking for more information?
A cyber liability policy can help cover your business and keep you updated with industry tips like this one. Get in touch with us today to learn more about cyber liability insurance coverage, or set up a no-obligation consultation with a commercial lines expert through TelaClient.com.
