How Small Business Owners Should Determine Their Cyber Coverage Needs
Cyber attacks happen to businesses of all sizes.
Small business owners often make the tragic mistake of not protecting their businesses against cyber attacks.
While major corporations make headlines after a breach, both small and medium sized businesses are at risk as well. Hackers don’t discriminate between a business with one thousand employees and one with a hundred.
Every business has valuable data to steal. The question is – could your business survive if cyber criminals do their best to hack into your data? The cost would cripple most smaller businesses, making cyber coverage a necessity.
Go Beyond Your General Policy
A common misconception is that cyber attacks are covered by a commercial general liability policy. Let’s be clear. Cyber losses are not covered under these policies and the business owner must deal with all costs out-of-pocket if the business is not covered properly. With the Washington Post reporting over 3,000 American businesses, including many small and medium sized businesses, being hacked in recent years, it’s time to protect your business and your clients or patients. The first step is to look at the difference between first-party and third-party coverage.
Two Types Of Coverage
Cyber insurance is designed to cover penalties, fines and regulatory defense costs. For the widest range of coverage, business owners need both first-party and third-party coverage. Some insurers offer these separately, while others may offer it as a combination policy.
First-party liability covers the more general costs including informing customers, handling public relations, business interruptions and legal guidance. Third-party liability coverage protects you when sensitive information is exposed and covers defense costs from lawsuits.
Determining Coverage Needs
Analyzing your industry and stored data are key factors in determining coverage needs. The national chain store, Target, assumed they were covered, but failed to fully consider the value of credit card numbers and other personal data. Between investigating the breach cause, repairing vulnerabilities, hiring legal defense, brand reparation, fines and other costs, Target’s policy only offset $90 million of the $252 million in damage. They were significantly underinsured!
When choosing coverage, consider your company’s risk factor. If you only store email addresses, an attack on your network wouldn’t result in the same level of damage as a business storing social security and credit card numbers. Discuss your current cyber security protection, types of information stored and industry with your insurance provider to create a custom level of protection.
Conclusion
Cyber coverage is a necessity for all businesses, especially smaller businesses that would likely go bankrupt after an attack because they do not have deeper financial pockets like the “Targets” of the world. There’s no set perfect coverage limit for any one business size or industry. Determining coverage depends upon many factors including industry, data stored, and the effects of any lost data, just to name a few.
Ready to mitigate your potential cyber breach losses? Contact a Business Protection Strategist at Professional Liability Insurance Group to find the right coverage for you.
Image: Don Hankins