choosing your cyber insurance plan: why it matters

reviewing Forbes’ “The Importance Of Cyber Insurance And How To Choose A Plan”

We know… If there’s one thing we’ve covered time and time again on our blog, it’s cyber insurance. But for good reason!

Contrary to popular belief, it’s not just large corporations that face cyber attacks. Small businesses are targeted daily and often face more severe financial consequences, as they typically lack the cybersecurity safeguards of larger organizations.

In fact, 60% of small businesses close within six months of falling victim to a cyber attack, and according to Hiscox, the average financial cost for a small business to recover was more than $25,000 in 2021. Yikes!

To illustrate the severity of cyber attacks, we’ve pulled a few statistics on some of the biggest data breaches in history:

the biggest data breaches in history

Did you know…

  • In 2013, an attack against Yahoo resulted in the loss of data from more than three billion accounts (Yes, billion!)
  • Approximately 143 million consumers were affected by an attack on Equifax in 2017, which ended up costing them more than $4 billion. (Equifax was found liable for the breach and fined $425 million by the Federal Trade Commission… Ouch!)
  • The data breach of hotel firm Marriott-Starwood resulted in the loss or compromise of information belonging to more than 500 million consumers
  • The 2017 WannaCry ransomware attack contained a virus that infected more than 230,000 machines spanning 150 countries (this caused damage of at least $4 billion…)

With these statistics in mind, businesses of all sizes should prepare for the growing cybersecurity threat.

How? Cyber insurance is a great first step.

In the Forbes article below, you’ll learn more about the importance of cyber insurance, costs, risk assessments, and more.

Read on for the full Forbes article by Mark Roberts.

The Importance Of Cyber Insurance And How To Choose A Plan

In my recent pieces, I have talked about how and why businesses should prepare for the growing cybersecurity threat and ensure their security protocols are adequate for today’s dangers and positioned to evolve for future risks.

It’s one of those topics that feels like it’s over-discussed. However, considering the increasingly dangerous landscape for businesses, it’s a topic whose importance can’t be overstated.

The experts have made it clear: Bad actors are increasingly launching cyberattacks in the United States and globally. One doesn’t need a crystal ball to recognize that these cyberthreats could continue to grow.

Cyberattacks are a big business today; just look at ransomware as a service (RaaS), the bad-actor version of software as a service (SaaS). As long as bad actors can continue to find companies and organizations to victimize, they won’t cease their efforts.

The Identity Theft Resource Center’s (ITRC) 2021 Annual Data Breach Report revealed there were more “cyberattack-related data compromises” (1,603) in 2021 than “all data compromises” in 2020 (1,108). These attacks increased in nearly every primary business sector.

According to 2021 research from Hiscox, an international specialist insurer, roughly one-quarter (23%) of small businesses suffered a cyberattack in the span of 12 months, and the average financial cost to a small business was more than $25,000.

Now is the time to prepare for potential risks that could impede operations. Too often, businesses delay simply because they don’t know where to start the process.

The most logical starting point is to explore the benefits of cyber insurance, a topic my company consults on for clients and the importance of which I’ve come to understand firsthand as a CMO.

Why does a company need cyber insurance?

Most companies carry at least one form of insurance, such as commercial or business insurance. While this type of insurance protects against property damage or employee-related risks, many companies believe their insurance will cover them should they fall victim to a cyberattack.

However, not all insurance companies cover damages resulting from cyberattacks under these general policies. Instead, they have launched specialized products designed exclusively for cyberattacks.

Unfortunately, there are a few hurdles to attaining these policies; they often require companies to secure a vulnerability or cybersecurity gap assessment. While this review will ensure companies have the basics covered and enable them to secure insurance, it could also result in lower premiums.

If nothing else, these vulnerability assessments can help establish baseline business best practices, such as ransomware training and protocols for phishing scams. These protocols can help identify vulnerabilities before a bad actor exploits them.

Sadly, the biggest threat is also a company’s biggest asset: its employees. Unprepared employees are often an organization’s most significant vulnerability. However, prepared employees can help play a solid defense.

Yes, cyber insurance is an added cost. While companies may be tempted to cut expenses wherever possible amid rising costs in all aspects of operations, cyber insurance shouldn’t be one of them. The cost of a policy pales compared to the cost of an attack.

The cost outweighs the risk.

Nearly three-quarters of companies suffering an attack (71% of businesses in the United States, according to Hiscox) have paid a ransom when targeted. The cost of a ransom could force many businesses to close their doors for good.

No one should automatically bake that cost into their annual budgets, especially when there is an opportunity to turn the tide and bolster their defensive posture.

The Hiscox Cyber Readiness Report 2021 revealed that less than one-third of companies have a stand-alone cyber insurance policy. Given the size and severity of the threat, it is hard to believe the number isn’t significantly higher.

Many companies still mistakenly believe they can fly under the radar, perhaps thinking they aren’t high profile enough for an attack. While massive cyberattacks make headlines, many smaller ones do not. The harsh reality is that some companies won’t realize they have fallen victim to an attack until it is too late.

When securing a cyber insurance policy, businesses must first understand what they need to protect—such as customer data, medical records or financial information. Buying the right policy requires companies to understand their potential shortcomings before evaluating whether the policy protects them.

A risk assessment is crucial to understanding.

Once they have this baseline information, they should examine the policy to understand what it covers—and, more importantly, what it doesn’t cover. For example, are there select risks that aren’t covered, how does the policy define a security event, and does human error or identity theft negate coverage?

On top of choosing an insurance policy, companies should keep their eyes open for risks on the horizon, and leaders should be prepared to communicate with their teams about their roles. Today, everyone plays a role in a company’s defense.

All employees should understand present cyber risks and why it’s vital that they take safety measures seriously. When it comes to the specific safety measures a company puts in place, leaders should ensure employees understand the procedures and buy into the process.

Since the best offense is a good defense, companies should start their preparations today. If you’re not, what are you waiting for?

how much should I pay for cyber insurance?

So, you’re a small business owner asking yourself, “How much should I pay for cyber insurance?” You want to ensure your business is protected, but without excess or unnecessary coverage.

So, how much will it cost? We’re sure this isn’t the answer you want to hear, but in short, it depends.

The cost of your cyber insurance will depend on your business type and the level of risk you’re exposed to.

(But more on this later!)

Below, we will:

  • Provide a general estimate of how much cyber insurance costs for businesses in the United States
  • Cover why the cost of cyber insurance is increasing, and
  • Discuss what factors influence how much a business owner pays for cyber insurance

the average cost of cyber insurance

According to AdvisorSmith’s research conducted in 2019, the average cyber insurance cost is $1,485 per year (or $124 per month) for $1 million in coverage, with a $10,000 deductible.

To come up with this figure, AdvisorSmith used quote estimates and rate filings from over 43 insurance companies nationwide. Premiums ranged from $650 to $2,357 for cyber insurance for companies with moderate cyber risk.

This figure, however, is not a hard-and-fast rule and will vary based on several elements regarding your business and the cyber insurance market.

the cost of cyber insurance is increasing… why?

So, the cost of cyber insurance is increasing… But why? Here’s a shorthand list.

  • Cyber attacks are becoming more and more common across the board; cyber extortion has jumped by 150% in one year and cases of malicious breaches and unintentional disclosure increased by 18%
  • To contain potential lawsuits, businesses will rely on outside attorneys to handle cyber response
  • Executives do not know how to properly insure their businesses from cyber risk (Munich RE reports that 81% of C-level respondents think their company is not adequately protected against cyber threats and only 34% of C-level respondents have been in contact with their insurers)

Therefore, as ransomware attacks continue to crowd the cyber insurance market, coverages are expected to rise 40% to 50% for optimal risks and 50% to 100% or more for less optimal risks.

Even so, while cyber insurance premiums are rising, policies are covering less.

how much does cyber insurance cost?

Again, there’s no magic number for how much each business owner’s insurance will cost. That’s because every business is different.

Moreover, this is an especially tricky question as the cyber liability underwriting market remains hard.

But what factors influence how much you will pay for cyber insurance as a business owner? At benchmark commercial insurance, we identify eight main determining factors.

industry

The industry you’re in is arguably the most important element in determining cyber insurance costs.

Depending on the industry you’re in, you’ll be placed into one of three tiers—low, medium, and high—of risk related to the type and amount of data your business stores.

To provide an example, a consulting firm would likely fall into the category of low risk whereas a business in construction, the health and wellness space, or the cannabis industry would be considered high risk.

location

The location of your business will affect how much you pay for insurance. Why? The cost of insurance differs from state to state because of differences in legal requirements, economic conditions, competition, etc.

For example, cyber coverage will likely be cheaper in Michigan than in Minnesota.

size

How big is your business? Typically, the larger your business is (i.e., more employees, more clients, and greater sales), the more expensive your premiums will be. Why? More employees mean a higher likelihood of a cyber attack.

amount of sensitive data stored

If your business stores sensitive data, you can expect to pay more for cyber insurance. Sensitive data, to name a few examples, might include:

  • Social security numbers
  • Addresses and phone numbers
  • Credit and debit card numbers
  • And more

For example, a hospital—which houses an immense amount of personal data—would pay more for cyber insurance than, say, a mom-and-pop grocery store with a small customer base and few data collection points.

revenue

According to an insurer, the more money your business makes, the higher the odds that a cybercriminal will be interested in targeting it. With this in mind, businesses with higher revenues should anticipate paying more for cyber insurance.

security defenses your company has taken

Security protocols, software security, employee training… Any preventative measures that your business has taken to stay safe from cyber attacks equal a brownie point in an insurer’s eyes. Businesses that prioritize safety are likely to pay less for cyber insurance.

history of cyber insurance claims

If your business has a history of cyber insurance claims or has been previously attacked, you might face higher premiums.

the level of coverage that you choose

Lastly, your coverage limits and deductible will affect the amount you pay for coverage. In short, the higher your coverage limits, the higher your premiums. On the other hand, paying a lower deductible would result in paying less in the event of cybercrime but paying a greater premium.

Businesses should consult their brokers to determine which cyber security options are best suited for their unique business needs. Interested in learning more? Check out our article on what cyber insurance actually covers.

the evolution of the cyber insurance market

Considering today’s digital world, cyber-attacks have become increasingly common over the past decade—and with more significant financial impact. Breaches including phishing emails, viruses, ransomware, or other malicious attempts can cost companies billions of dollars.

As a result, more businesses and organizations—both small and large—are investing in cyber insurance to avoid catastrophic losses and expenses—and we don’t blame them. However, the cyber insurance market itself has changed a bit as well. Let’s discuss the evolution of the cyber insurance market and where it is right now.

what is cyber insurance?

Cyber insurance is a policy that protects your “business’ liability for a data breach involving sensitive customer information.” This sensitive information might include:

  • Credit card numbers
  • Account numbers
  • Health records
  • Social security numbers
  • Driver’s license numbers
  • And more

Typically, cyber liability insurance covers network security and data privacy incidents, including first-party costs and third-party claims. Remember, no business—no matter how big or small—is safe from the threats of a cyber attack today.

Not quite on board yet? Check out the shocking cyber attack statistics from AAG below.

cyber attack statistics

Did you know…

  • There is a hacker attack every 39 seconds
  • 64% of companies have experienced web-based attacks; 62% experienced phishing and social engineering attacks; 59% of companies experienced malicious code and botnets
  • Since 2013, 3,809,448 records have been stolen in breaches every day
  • 43% of cyber-attacks target small businesses
  • Over 75% of the healthcare industry has been infected with malware over the last year

where is the cyber insurance market today?

Today, despite the increased need for cyber protection, organizations are faced with a difficult cyber insurance market. The market is characterized by:

  • Rapidly increasing losses
  • Non-renewal cases
  • Increased premiums
  • Coverage restrictions
  • And longer underwriting periods due to increased requirements

how benchmark can help

The United States cyber insurance market, according to the National Association of Insurance Commissioners, expanded to $4.1 billion in direct premium in 2020, an increase of over 29% from 2019.

Our team at benchmark commercial insurance understands today’s cyber insurance market and is here as your partner to navigate insurance compliance around everyday business transactions, ensuring you have the right coverage for your risk tolerance.

Reach out to benchmark today to learn more about our dedication to providing global capabilities with our boutique experience.

all businesses need to mitigate risk with cyber insurance

I don’t have an online business, do I need cyber insurance?

The insurance policies a business chooses are based on its specific business model. What works for one business may not work for another. One policy, however, serves as a baseline that all businesses should have: cyber insurance.

This rings true, especially in light of today’s tech-reliant world. Even businesses that do not operate online are not free from the dangers of a cyber attack.

Furthermore, recent events regarding the ongoing Russian-Ukrainian War have the potential to impact all businesses and their cyber security in the United States. Cyber security risks are escalating, so let’s discuss why even non-online businesses should invest in cyber insurance.

do all businesses need cyber insurance? 

Yes. All businesses need cyber insurance regardless of business type—especially in today’s digital environment.

Even if your business is not an online business, cyber insurance helps mitigate risk. Cyber-attacks occur regularly (every 11 seconds in 2021), and can target individuals and businesses alike. No one is safe from the threat of a cyber attack – no matter the business model.

Typically, attackers use the following tactics in a cyberattack:

  • Phishing
  • Compromised/stolen devices
  • Credential theft

General and professional liability policies may include basic cyber liability coverage; however, businesses that store personally identifiable information or any sensitive information for employees and customers should seek out further coverage.

The data your business holds (e.g., phone numbers, credit card numbers, social security numbers, and more) puts it at risk of an attack.

According to a report by NerdWallet, “Among small businesses with fewer than 250 employees, the average reported cyberattack cost was about $25,600.”

Consider the cyber attack statistics below before dismissing a cyber security policy for your business.

  • Cybercriminals can penetrate 93% of company networks
  • In 2021, businesses suffered 50% more cyberattack attempts per week
  • Corporate cyber attacks increased by 50%
  • Small to medium-sized businesses are most commonly targeted
  • 43% of cyber-attacks are targeted against small businesses
  • 83% of small businesses are not financially prepared for a cyber attack

The threat of a data breach is here to stay. We here at benchmark have first-hand experience with what cyber attacks look like, and what to do to keep your business safe. Read on to learn how we mitigated a cyber attack against our vendor’s business.

benchmark case story

A few years ago, our data vendor’s cloud server was hacked. All of the vendor’s “mission-critical” information stored in the cloud was breached (i.e. email servers, client databases, and more); that included our sensitive information and the information of their other clients.

The hacker asked for a ransom to not share all of the data and to return the data to our vendor.

Luckily, because the vendor had benchmark’s cyber insurance coverage, our office and all of the vendor’s clients came out unscathed. The cyber insurance covered the entire ransom the hacker was asking for, which meant our vendor was able to keep their data safe and unharmed.

Our cyber insurance policy coverage protected our vendor, our business, and their clients from leaking private information. It also kept the vendor in business so they wouldn’t go bankrupt from paying the hacker’s ransom out of pocket.

Read our next blog post for a complete guide to cyber insurance and why you need it.

your guide to cyber insurance: why do you need it?

The cyber insurance industry is a rapidly growing market that can be difficult to navigate for those seeking or renewing insurance. With underwriting and renewal processes taking longer to complete, read on for our full guide on why you need cyber insurance.

why should you invest in cyber insurance?

Cyber insurance covers expenses from data breaches, viruses, or other cyber-attacks and fraud. It can also cover legal claims that come from a security breach. As companies utilize cloud software, personal computers and laptops, and other technology-based means to store their sensitive data, their risk for a security breach grows exponentially.

The Identity Theft Resource Center claims that in 2018, businesses experienced 571 breaches in security, which exposed 415 million employee and customer records.

In 2021, a cyber-attack incident occurred every 11 seconds.

If your company experiences a breach, federal law requires you to perform an extensive list of tasks. If you have cyber insurance coverage, however, your carrier will take on that responsibility.

Investing in cyber insurance helps protect your business from the financial losses that can come with a cyber attack, and helps keep reputation damage at bay.

is your business vulnerable to cyber-attacks?

As many businesses moved to a work-from-home model, cyber-attacks have increased. With most company communication through e-mail, Slack, and other online platforms, the risk of a breach increases. This could cause a company to experience massive monetary losses as well as reputation damage.

who needs cyber liability insurance?

While some general liability and professional liability policies include some basic cyber liability coverage, some additional coverage may be needed. Businesses that store personally identifiable information (PII) for both employees and customers should have additional coverage.

Cyber breaches can occur in a multitude of ways. They can be executed through phishing emails, viruses, ransomware, or other malicious attempts to corrupt your data. The best way to begin protecting your data is to establish internal safeguards with cyber security. This includes using strong passwords and monitoring electronic device access and access to software tools.

This form of coverage is growing in demand as we shift towards a cyber-reliant world. The National Association of Insurance Commissioners found that the U.S. cyber insurance market “expanded to $4.1 billion in direct premium in 2020, representing an increase of over 29% from 2019.”

what does cyber liability insurance cover?

There are a few types of coverage within a cyber liability policy. First-party and third-party coverage help ensure you’re protected for whatever comes your way.

first-party coverage

First-party coverage includes coverage for immediate expenses related to the cyber breach. These expenses typically include:

  • The cost of notifying employees and the public
  • Marketing and public relations responses that protect the company’s reputation
  • Extortion money
  • Repairing the damage to software and hardware
  • The cost of business interruption and missed income while operations are suspended
  • Other ancillary costs

third-party coverage

On the other hand, third-party coverage helps a company defend against lawsuits and legal claims. There are a few lawsuits that may occur. Privacy lawsuits are covered under this coverage in case you have breached the privacy of customers and employees.

Regulatory body fines are covered as well as media liability claims (copyright infringement, libel, or slander). Lastly, breach of contract and negligence claims are covered under third-party coverage.

what does cyber liability insurance not cover?

It’s important to understand what your insurance coverage does not cover. When you review your cyber security protections, you may be able to identify where your vulnerabilities lie. Some common exclusions from cyber liability insurance include:

  • Bodily injury and property damage claims: Any claims of bodily injury or property damage will not be included in your cyber liability insurance policy. However, a general liability policy will cover these claims.
  • Criminal activity: Cyber liability insurance policies do not cover fraud, robbery, employee theft, and other crimes. However, commercial crime insurance will cover these claims.
  • Social engineering: A cyber liability insurance policy will not cover when employees are tricked into transferring company funds. This can be an additional add-on with some cyber liability plans.
  • Loss of property: When an employee loses a piece of property, like a phone or computer, cyber liability will not cover the cost. However, a commercial property insurance policy will.

Like many businesses, you likely utilize computers and other electronic devices to send, receive, and store electronic data. Data is one of your most valuable assets. It’s important to ensure that you protect that data and consider the cost of losing it.

signs you’re at risk of experiencing a cyber-attack

Cyber-attacks occur without forewarning. Sometimes, businesses don’t initially realize that they’re under a cyber attack. Review the following signs that your business is experiencing a cyber attack.

  • You’re receiving requests for transactions, like direct deposits or electronic fund transfers.
  • Unsolicited communications are coming through from unknown companies or people.
  • Links within emails do not match—check links by rolling your cursor over the link to see if the two match with the content and the email address!
  • Requests with a high sense of urgency, asking you to complete documentation immediately.
  • Requests for usernames, passwords, and other personal details like banking information.

If you realize you’re under a cyber attack, act immediately. First, disconnect your device from the internet, restore your system, and report the attack to your IT department.

After the attack, make sure you file a report with the police and your insurance.

how to mitigate risk

There are ways to decrease your business’s risk of falling prey to a cyber-attack. Being proactive about cybersecurity and having cyber insurance help keep your business information secure. Other ways to mitigate risk include:

  • Limit your use of large email attachments and programs that put pressure on your company’s bandwidth ecosystems.
  • Do not forward emails with attachments that contain highly restricted or company confidential information to personal accounts.
  • Avoid reading, talking about, or leaving confidential information in unsecured work-from-home areas.
  • Log off of work devices when you’re not using them.
  • Shred sensitive documents.
  • Restart your computer regularly.
  • Be aware of third-party risk because 59% of companies experience a cyber breach because of a third party.

cyber claim tips

When submitting a claim, use our tips to make sure you have the most successful outcome.

  1. Prepare and understand your insurance policy beforehand. Before a breach occurs, understand and review your policy, and what it covers. Make sure the structure of the claim fits your business needs.
  2. File your claim correctly. Most cyber insurance claims are first-party claims because the most common types of cyber-attacks are ransomware, malware, and social engineering fraud. However, file a third-party claim if you experience the need for defense in a lawsuit. Once assigned, insurer claim adjusters quickly help mitigate losses and help the legal and forensic response.
  3. Do not wait to report your claim. Once you become aware that there is a breach in your cyber security, the first step is to report and file the claim as soon as possible. No matter what type of breach, do not wait to file a report because it’s easier to give assistance early on during a breach.
  4. Obtain insurer consent. Once the claim is filed, the insurer must give their consent to onboard attorneys, IT professionals, and investigators for the breach.

At benchmark commercial insurance, we offer global capacities with a boutique experience. What we do best is look at your company holistically and use our knowledge of changing policy to give you the security of knowing you’re covered. It’s true, anyone can get you cheap insurance, but not anyone can be there for you like we can when structuring your policy and filing a cyber security claim.

Curious about what other areas of your company may be putting you at risk for a cyber security breach? Read our article about why email may be your biggest cyber risk here.

 
