As cyber attacks continue to make headlines while operating costs continue to rise, you might be on the fence when it comes to purchasing cyber insurance. If you run a small business, surely that money could be better spent elsewhere, right?
Not so fast. It might seem like a luxury or nonessential expense on the surface, but tailored insurance is central to a modern cyber defense strategy. Did you know that the average cost to a US business after a data breach rose to $8.64 million in 2020? For most companies, a monthly insurance premium is much more palatable than the potential recovery costs that follow a cyber attack.
I’ve got property insurance – why do I need cyber insurance?
There’s a common misconception that leads businesses to dismiss cyber insurance: the idea that cyber coverage just isn’t worth it, because it doesn’t pay out when you need it to.
“There’s been a fair bit of media coverage around this notion that cyber insurance doesn’t pay,” says Josh MacDonald, Chief Underwriting Officer at Elpha Secure. “This is not true. There have been cases of property policies with inclusions related to cyber coverage that didn’t reimburse costs resulting from a cyber attack, but it’s unfair to assume a cyber insurance policy would leave you high and dry.”
In fact, cyber insurance is a necessary part of your cyber strategy, no matter how big or small your company might be. Here are four irrefutable reasons why every business should have comprehensive cyber insurance.
1. Any interaction with the internet is risky.
There are millions of threats lurking online, so you never know what’s waiting around the proverbial corner — or how vulnerable you might be at any given moment. Nearly every business has a relationship with the internet, and even a relatively superficial one poses a risk. After all, a lot of damage can be done with a well-constructed email.
Consider this: a hacker poses as an IT administrator and sends an email requesting your user credentials for a system upgrade. The sender’s name looks legit and since the IT team has sent messages of this nature in the past, you continue without much thought — and your company’s network is breached within minutes. Which leads to the next point…
2. You’re only human.
The internet is the Wild West; there are no rules. You may behave with a moral compass and common courtesy, but others may not. Bad actors know how to take advantage of vulnerable moments, emotional motivation, and psychological fatigue.
Phishing is not a new tactic, but as approaches evolve, it gets more difficult by the day to spot a suspicious message. In fact, a recent phishing study from ETH Zurich reveals that employees who are continuously exposed to phishing eventually fall for it. In the end, constant exposure to phishing makes even the most resilient employees more likely to let their guard down.
So, what if someone impersonating a colleague or client convinces you to send money? This act of fraud has nothing to do with your network security — you’re vulnerable because you’re human and sometimes your business works with wire transfers. However, without the right coverage, you’d likely be on the hook for the expense.
3. No matter your security, there’s always residual risk.
It’s helpful to imagine your website as your front door: you want to make sure the door is closed and locked, and if possible, have an alarm system in place to protect your digital domain just as you would your own home. In fact, cybersecurity measures are not only useful, they’re becoming an official requirement in the fight against ransomware.
But no security measure is a guarantee. Threats are advancing, and sometimes it takes a while for your defenses to catch on (and catch up). In turn, incidents can happen even when you’re being careful, which is when you count on cyber insurance to come to the rescue.
Cyber coverage is designed to help you respond and recover with as little downtime as possible and with limited out-of-pocket expenses. Extortion coverage, Business Interruption, and Data Restoration are three coverages to look for in a cyber insurance policy.
4. History tends to repeat itself.
Not only is a cyber attack a stressful event, it’s a wake-up call: instead of granting immunity, a successful attack can open the door to more of the same, so you need to take action immediately. If someone hacks and defaces or corrupts your website, you must figure out how they did it, why they did it, and how to prevent it from happening again.
This is where a feature like Incident Response coverage comes into play: it’s designed to cover the extra costs that come with the extra services you may need, including computer forensics to perform a thorough investigation.
A tip to help you compare coverage
Not sure where to start, what to look for, or how to weigh coverage features? Trust your broker. Working with a broker who truly understands cyber risk, and your particular risk, is best. For example, a manufacturer might not need coverage for sensitive personal information, but they will likely need more Business Interruption coverage.
Your cyber insurance challenge is to get the coverage you need to battle the big threats in front of you without overpaying. Here’s what to consider when it comes to cyber coverage for 2022.