
choosing your cyber insurance plan: why it matters

reviewing Forbes’ “The Importance Of Cyber Insurance And How To Choose A Plan”

We know… If there’s one thing we’ve covered time and time again on our blog, it’s cyber insurance. But for good reason!

Contrary to popular belief, it’s not just large corporations that face cyber attacks. Small businesses are targeted daily and often face more severe financial consequences, as they typically lack the cybersecurity safeguards of larger organizations.

In fact, 60% of small businesses close within six months of falling victim to a cyber attack, and according to Hiscox, the average financial cost for a small business to recover was more than $25,000 in 2021. Yikes!

To illustrate the severity of cyber attacks, we’ve pulled a few statistics on some of the biggest data breaches in history:

the biggest data breaches in history

Did you know…

  • In 2013, an attack against Yahoo resulted in the loss of data from more than three billion accounts (Yes, billion!)
  • Approximately 143 million consumers were affected by an attack on Equifax in 2017, which ended up costing them more than $4 billion. (Equifax was found liable for the breach and fined $425 million by the Federal Trade Commission… Ouch!)
  • The data breach of hotel firm Marriott-Starwood resulted in the loss or compromise of information belonging to more than 500 million consumers
  • The 2017 WannaCry ransomware attack contained a virus that infected more than 230,000 machines spanning 150 countries (this caused damage of at least $4 billion…)

Given these statistics, businesses of all sizes should prepare for the growing cybersecurity threat.

How? Cyber insurance is a great first step.


In the Forbes article below, you’ll learn more about the importance of cyber insurance, costs, risk assessments, and more.

Read on for the full Forbes article by Mark Roberts.

The Importance Of Cyber Insurance And How To Choose A Plan

In my recent pieces, I have talked about how and why businesses should prepare for the growing cybersecurity threat and ensure their security protocols are adequate for today’s dangers and positioned to evolve for future risks.

It’s one of those topics that feels like it’s over-discussed. However, considering the increasingly dangerous landscape for businesses, it’s a topic whose importance can’t be overstated.

The experts have made it clear: Bad actors are increasingly launching cyberattacks in the United States and globally. One doesn’t need a crystal ball to recognize that these cyberthreats could continue to grow.

Cyberattacks are a big business today; just look at ransomware as a service (RaaS), the bad-actor version of software as a service (SaaS). As long as bad actors can continue to find companies and organizations to victimize, they won’t cease their efforts.

The Identity Theft Resource Center’s (ITRC) 2021 Annual Data Breach Report revealed there were more “cyberattack-related data compromises” (1,603) in 2021 than “all data compromises” in 2020 (1,108). These attacks increased in nearly every primary business sector.

According to 2021 research from Hiscox, an international specialist insurer, roughly one-quarter (23%) of small businesses suffered a cyberattack in the span of 12 months, and the average financial cost to a small business was more than $25,000.

Now is the time to prepare for potential risks that could impede operations. Too often, businesses delay simply because they don’t know where to start the process.

The most logical starting point is to explore the benefits of cyber insurance, a topic my company consults on for clients and the importance of which I’ve come to understand firsthand as a CMO.

Why does a company need cyber insurance?

Most companies carry at least one form of insurance, such as commercial or business insurance. While this type of insurance protects against property damage or employee-related risks, many companies believe their insurance will cover them should they fall victim to a cyberattack.

However, not all insurance companies cover damages resulting from cyberattacks under these general policies. Instead, they have launched specialized products designed exclusively for cyberattacks.

Unfortunately, there are a few hurdles to attaining these policies; they often require companies to secure a vulnerability or cybersecurity gap assessment. While this review will ensure companies have the basics covered and enable them to secure insurance, it could also result in lower premiums.

If nothing else, these vulnerability assessments can help establish baseline business best practices, such as ransomware training and protocols for phishing scams. These protocols can help identify vulnerabilities before a bad actor exploits them.

Sadly, the biggest threat is also a company’s biggest asset: its employees. Unprepared employees are often an organization’s most significant vulnerability. However, prepared employees can help play a solid defense.

Yes, cyber insurance is an added cost. While companies may be tempted to cut expenses wherever possible amid rising costs in all aspects of operations, cyber insurance shouldn’t be one of them. The cost of a policy pales compared to the cost of an attack.

The cost outweighs the risk.

Nearly three-quarters of companies suffering an attack (71% of businesses in the United States, according to Hiscox) have paid a ransom when targeted. The cost of a ransom could force many businesses to close their doors for good.

No one should automatically bake that cost into their annual budgets, especially when there is an opportunity to turn the tide and bolster their defensive posture.

The Hiscox Cyber Readiness Report 2021 revealed that less than one-third of companies have a stand-alone cyber insurance policy. Given the size and severity of the threat, it is hard to believe the number isn’t significantly higher.

Many companies still mistakenly believe they can fly under the radar, perhaps thinking they aren’t high profile enough for an attack. While massive cyberattacks make headlines, many smaller ones do not. The harsh reality is that some companies won’t realize they have fallen victim to an attack until it is too late.

When securing a cyber insurance policy, businesses must first understand what they need to protect—such as customer data, medical records or financial information. Buying the right policy requires companies to understand their potential shortcomings before evaluating whether the policy protects them.

A risk assessment is crucial to understanding.

Once they have this baseline information, they should examine the policy to understand what it covers—and, more importantly, what it doesn’t cover. For example, are there select risks that aren’t covered, how does the policy define a security event, and does human error or identity theft negate coverage?

On top of choosing an insurance policy, companies should keep their eyes open for risks on the horizon, and leaders should be prepared to communicate with their teams about their roles. Today, everyone plays a role in a company’s defense.

All employees should understand present cyber risks and why it’s vital that they take safety measures seriously. When it comes to the specific safety measures a company puts in place, leaders should ensure employees understand the procedures and buy into the process.

Since the best offense is a good defense, companies should start their preparations today. If you’re not, what are you waiting for?

Do You Need an Employee Manual Review? (Yes!)


What Is an Employee Manual Review?

An employee manual is a resource not only for employees but also for employers. It is a book or online PDF containing guidelines that employees and employers can reference for all job-related information.

Although an employee handbook is given and reviewed once a new hire is onboarded, the document should be reviewed at least annually. 

This is generally a large document, as it will cover topics including: 

  • Equal Opportunity Guidelines
  • Company Culture
  • Paid Time Off (PTO) and Holiday Time
  • Job Expectations
  • A Company Mission Statement
  • Company Policies
  • Work Performance Expectations
  • Who to Contact if an Issue Arises

Surprisingly, employee handbooks are not required by law. They are, however, very helpful and highly recommended.

Most HR representatives consider the employer’s handbook an active document. This means that throughout the year, when policies and employment laws change, notes can be added and reviewed.

It is important to note that creating and maintaining employee manuals within California is much more difficult than in other states as policies and guidelines are constantly being adjusted. It’s almost impossible to keep up, which is why adding notes and using the employee handbook as an active document is a helpful practice to follow.

Why Review?

Most HR representatives consider the employer’s handbook an active document. This means that throughout the year, when policies and general guidelines change, notes can be added and reviewed. Again, an employee handbook is most helpful when acting as an active document because the handbook will stay up to date without annual revisions.

As an employer, it can be helpful to see the employee handbook as a resource, not just another box to check off the list. It can be a helpful tool because there is a high level of information to keep track of. If an employee gets called to jury duty, for example, do they receive paid time off? Check the employee handbook.

What to Avoid

If you have an employee handbook from a past business, don’t copy and paste this document for another business. This doesn’t work for many reasons. Each company has a unique set of guidelines that apply to its employee handbook.

Ideally, an employee handbook should be written by an HR consultant or professional, or an employment attorney. Although there are tools that can help employers build a handbook, it’s more consistent to collaborate with a professional. 

As a new hire is onboarded, there are many documents that can get lost in emails. One suggestion as an employer is to review the handbook in-person—open it and highlight some of the main topics. Consider creating an infographic with the top 10 ideas and questions that employees might have as a reference.

Do you have questions about our program development and options available? Our team is ready to answer your questions and provide you with information about insurance and building a beneficial partnership with us. Call Benchmark today at 800-283-0622 or send us a message.

Thursday August 19 2021