Choosing Your Cyber Insurance Plan: Why It Matters
Reviewing Forbes’ “The Importance Of Cyber Insurance And How To Choose A Plan”
We know… If there’s one thing we’ve covered time and time again on our blog, it’s cyber insurance. But for good reason!
Contrary to popular belief, it’s not just large corporations that face cyber attacks. Small businesses are targeted daily and often face more severe financial consequences, as they typically lack the cybersecurity safeguards of larger organizations.
In fact, 60% of small businesses close within six months of falling victim to a cyber attack, and according to Hiscox, the average financial cost for a small business to recover was more than $25,000 in 2021. Yikes!
To illustrate the severity of cyber attacks, we’ve pulled a few statistics on some of the biggest data breaches in history:
The Biggest Data Breaches In History
Did you know…
- In 2013, an attack against Yahoo resulted in the loss of data from more than three billion accounts (Yes, billion!)
- Approximately 143 million consumers were affected by an attack on Equifax in 2017, which ended up costing them more than $4 billion. (Equifax was found liable for the breach and fined $425 million by the Federal Trade Commission… Ouch!)
- The data breach of hotel firm Marriott-Starwood resulted in the loss or compromise of information belonging to more than 500 million consumers
- The 2017 WannaCry ransomware attack contained a virus that infected more than 230,000 machines spanning 150 countries (this caused damage of at least $4 billion…)
With these statistics in mind, businesses of all sizes should prepare for the growing cybersecurity threat.
How? Cyber insurance is a great first step.
In the Forbes article below, you’ll learn more about the importance of cyber insurance, costs, risk assessments, and more.
Read on for the full Forbes article by Mark Roberts.
The Importance Of Cyber Insurance And How To Choose A Plan
In my recent pieces, I have talked about how and why businesses should prepare for the growing cybersecurity threat and ensure their security protocols are adequate for today’s dangers and positioned to evolve for future risks.
It’s one of those topics that feels like it’s over-discussed. However, considering the increasingly dangerous landscape for businesses, it’s a topic whose importance can’t be overstated.
The experts have made it clear: Bad actors are increasingly launching cyberattacks in the United States and globally. One doesn’t need a crystal ball to recognize that these cyberthreats could continue to grow.
Cyberattacks are a big business today; just look at ransomware as a service (RaaS), the bad-actor version of software as a service (SaaS). As long as bad actors can continue to find companies and organizations to victimize, they won’t cease their efforts.
The Identity Theft Resource Center’s (ITRC) 2021 Annual Data Breach Report revealed there were more “cyberattack-related data compromises” (1,603) in 2021 than “all data compromises” in 2020 (1,108). These attacks increased in nearly every primary business sector.
According to 2021 research from Hiscox, an international specialist insurer, roughly one-quarter (23%) of small businesses suffered a cyberattack in the span of 12 months, and the average financial cost to a small business was more than $25,000.
Now is the time to prepare for potential risks that could impede operations. Too often, businesses delay simply because they don’t know where to start the process.
The most logical starting point is to explore the benefits of cyber insurance, a topic my company consults on for clients and the importance of which I’ve come to understand firsthand as a CMO.
Why does a company need cyber insurance?
Most companies carry at least one form of insurance, such as commercial or business insurance. While this type of insurance protects against property damage or employee-related risks, many companies believe their insurance will cover them should they fall victim to a cyberattack.
However, not all insurance companies cover damages resulting from cyberattacks under these general policies. Instead, they have launched specialized products designed exclusively for cyberattacks.
Unfortunately, there are a few hurdles to attaining these policies; they often require companies to secure a vulnerability or cybersecurity gap assessment. While this review will ensure companies have the basics covered and enable them to secure insurance, it could also result in lower premiums.
If nothing else, these vulnerability assessments can help establish baseline business best practices, such as ransomware training and protocols for phishing scams. These protocols can help identify vulnerabilities before a bad actor exploits them.
Sadly, the biggest threat is also a company’s biggest asset: its employees. Unprepared employees are often an organization’s most significant vulnerability. However, prepared employees can help play a solid defense.
Yes, cyber insurance is an added cost. While companies may be tempted to cut expenses wherever possible amid rising costs in all aspects of operations, cyber insurance shouldn’t be one of them. The cost of a policy pales compared to the cost of an attack.
The cost outweighs the risk.
Nearly three-quarters of companies suffering an attack (71% of businesses in the United States, according to Hiscox) have paid a ransom when targeted. The cost of a ransom could force many businesses to close their doors for good.
No one should automatically bake that cost into their annual budgets, especially when there is an opportunity to turn the tide and bolster their defensive posture.
The Hiscox Cyber Readiness Report 2021 revealed that less than one-third of companies have a stand-alone cyber insurance policy. Given the size and severity of the threat, it is hard to believe the number isn’t significantly higher.
Many companies still mistakenly believe they can fly under the radar, perhaps thinking they aren’t high profile enough for an attack. While massive cyberattacks make headlines, many smaller ones do not. The harsh reality is that some companies won’t realize they have fallen victim to an attack until it is too late.
When securing a cyber insurance policy, businesses must first understand what they need to protect—such as customer data, medical records or financial information. Buying the right policy requires companies to understand their potential shortcomings before evaluating whether the policy protects them.
A risk assessment is crucial to understanding.
Once they have this baseline information, they should examine the policy to understand what it covers—and, more importantly, what it doesn’t cover. For example, are there select risks that aren’t covered, how does the policy define a security event, and does human error or identity theft negate coverage?
On top of choosing an insurance policy, companies should keep their eyes open for risks on the horizon, and leaders should be prepared to communicate with their teams about their roles. Today, everyone plays a role in a company’s defense.
All employees should understand present cyber risks and why it’s vital that they take safety measures seriously. When it comes to the specific safety measures a company puts in place, leaders should ensure employees understand the procedures and buy into the process.
Since the best offense is a good defense, companies should start their preparations today. If you’re not, what are you waiting for?