Why Cyber Insurance is Important for Business Owners - RMC Group

Written by RMC Group | Mar 20, 2020 1:32:57 PM

How vulnerable is your business to a cyberattack?

Many businesses think that cyber insurance is only necessary for large companies like Yahoo, Target, and Equifax, but hackers don’t just target the “big guys.”

In 2018, Beazley Breach Response Services reported that 71% of investigated incidents targeted small to medium-sized businesses (SMBs). A full 13% of attacks specifically target small businesses, and according to the US Securities and Exchange Commission, about half of those companies go out of business within six months of an attack.

Key Takeaways

  • Cybersecurity breaches affect all types of companies, including small businesses.
  • The most common cyber attacks are related to employee error and malicious actors.
  • Costs of a breach average around $158 per record.
  • Without cyber coverage, companies have to fund sensitive and legal notification processes, infrastructure redesign, and other breach-related expenses out-of-pocket.
  • Cyber coverage is available to help you handle the direct costs of an attack, as well as the costs of a lawsuit and the expenses associated with lost productivity.

What Makes a Company Vulnerable?  

There are many ways a hacker can enter your company’s systems, but your employees may be your biggest vulnerability.

About 20% of the time, an attack happens due to accidental disclosure of sensitive information, often because an employee misaddressed a message or left a server running without the proper security protection.

Another 10% of attacks happen because of malicious insiders.

After that, the next most common type of attack is social engineering, which happens when a hacker tricks an employee into granting access to sensitive information.

In a phishing attack, for example, an employee gets an urgent request by email or phone that looks legitimate—often, it looks like it’s from the employer itself. The email asks for sensitive information like passwords or bank data, which the employee provides because they believe the request to be legitimate.

In other social engineering attacks, hackers physically pose as IT support personnel and access company systems, all because employees didn’t check credentials before they let the hacker into the building.

According to the 2019 Cost of Cybercrime Study by Accenture and Ponemon, the growth rate of these kinds of people-based attacks is higher than for any other type of cybercrime. As long as you employ humans, naturally fallible as they are, you are vulnerable to cyberattacks.

What Can a Cyberattack Cost You?  

Cyberattacks are expensive, more so than most companies can handle without coverage. The average estimated cost is $1.1 million per business, but when you factor in those companies that don’t calculate their expenses after an attack, that number increases to an estimated $1.7 million. This breaks down to around $158 per record to recover from an attack.

Approximately 54% of costs are tied to productivity loss as the company gets back on its feet. Other expenses include the costs of notifying customers and even ransom paid to hackers. There are also direct costs paid out to third-party service providers like lawyers and IT departments.

Mandated Customer Notifications  

Most states legally require companies to notify affected customers of data breaches. Healthcare industries in particular must abide by HIPAA, which has a strict Breach Notification Rule. And if you have any customers in the EU, you’ll have to notify them in accordance with the GDPR.

Even if you’re not legally obligated to disclose a breach, customers want to hear bad news from you first. If they read about the breach in the news online, your reputation will suffer severe damage long-term. By simply notifying people up-front, you behave ethically and show that you care enough to own up and address the issue.

Attacker Ransom Demands

Hackers may ask for ransom when they successfully capture critical information or shut down a business’s systems. If the business owner doesn’t pay, they’ll keep the system disabled. The attacker may even increase the ransom amount if they know that they have the upper hand.

The less responsive you are to ransom demands, the more it will cost you in the end. Beazley Breach Response Services has seen ransom demands as high as $2.8 million.

The Cyber Insurance Solution

Cyber insurance, also called cyber coverage, can help you to cover ransoms, pay to have your systems restored, and fix whatever vulnerabilities caused the breach. Still, fewer than 20% of businesses are buying cyber insurance. Without cyber coverage, most businesses are forced to cover the costs of cyber attacks out of their own pockets.

Cyber coverage can save your bottom line and your reputation. It’s time to learn more about it.

What Is Cyber Coverage? 

Cyber coverage is an insurance policy that protects the policyholder against an online attack, whether from ransomware, malware, or any other type of hack.

Who Needs Cyber Coverage and Why?  

The more information you have stored online and the fewer resources you have to pay the costs associated with a breach, the more you need cyber coverage. Keep in mind that standard business insurance policies tend not to cover cybercrime, so you’ll need special cyber coverage if any of the following apply:

  • You handle personally identifiable information (PII) or electronic protected health information (ePHI), like financial account details, contact information, medical histories, etc.
  • Your website stores customers’ login data including email addresses and passwords.
  • You use third-party services like database managers, eCommerce marketplaces, or suppliers.
  • You allow employees to use their own devices for work purposes.
  • You use connected tools to manage clients’ private lives, including finances, mental health, and medical services.

Above all, your finances should determine whether you need cyber coverage. If you don’t have enough to cover these costs, not to mention ride out the lulls that occur when customers lose faith in your security, you need cyber coverage.

What Coverage Does Your Company Need?  

A comprehensive cyber insurance policy should cover expenses related to a breach, including the extensive costs of notifying clients that their sensitive information has been compromised.

  • Network security coverage is probably the most important coverage type for most companies. It takes care of the direct costs that your business incurs when a breach happens: customer notification costs, network restoration, IT forensics, and so forth.
  • Privacy liability coverage addresses the lawsuits and legal fines resulting from the exposure of customer information. This coverage lets you pay legal fees, settlements, and even government fines if you’re found to have violated privacy laws.
  • Network business interruption coverage can help you to recover lost profits and cover costs when a hacker takes your system down in a ransom attempt.

What Kinds of Claims Have Been Filed?   

It’s hard to tell how many claims companies have made on their policies, but some of the largest claims have gotten a fair amount of media attention. For example, when Equifax was hacked in 2017, the company announced that its cyber insurance coverage allowed it to pay out $60 million in recoveries from a $125 million policy.

The rest of the policy covered other costs of the breach, but there were still expenses left to pay. In the end, Equifax paid $314 million out of pocket.

There have been many more such incidents, though payout information has not always made the news. Still, the hacks get covered, such as in 2016 when three states’ fishing and hunting license systems were hacked, shutting down sales of those licenses.

Municipal and state governments have also been targets of hacks. In 2017, cybercriminals hacked the Kansas Department of Commerce data system and accessed 5.5 million Social Security numbers. The state ended up paying $175,000 for legal services and $60,000 for IT support—and those costs don’t include state-paid credit monitoring for victims.

In Conclusion

No one is immune from cybercrime. An honest mistake or a deceiving email from a clever hacker can send your customers’ sensitive data directly into the wrong hands. The cost of that disclosure can be astronomical. In addition to the costs of notifying customers and authorities of the breach, you have breach investigations, infrastructure rebuilding, and even lawsuits to fund.

Cyber insurance can keep you protected. It can be the difference between a breach that takes you down and one that shows your business’s strength, and it’s within your reach. Find out what your cyber liability options are by speaking with an RMC Professional today.