Should I Get Cyber Security Insurance for my Small Business?
Cyber criminals look for vulnerable targets and unlike big corporations, many small businesses do not have the resources to invest in advanced cyber security measures, putting small business at risk for cyberattacks. If your small business stores or processes any kind of sensitive customer information such as names, addresses, medical records, Social Security numbers, or credit card information, you should know that this kind of data is exactly what cyber criminals are interested in stealing. Accountants, hairdressers, real estate agents, marketing companies, contractors, and retailers are just a few examples of the types of businesses that may be at risk. Having cyber security insurance can protect your business from the financial fallout of a cyberattack.
Common forms of cyberattacks include:
- Data breaches: cyber criminals are looking for personal, professional, and client data and financial information to sell
- System hacking: hackers can compromise a business’s computer systems and servers
- Theft: cyber criminals can access your business’s accounts and assets and make a false wire transfer
- Ransomware extortion payments: after hacking into your computer system and paralyzing it or deleting vital data, thieves demand ransom money to restore the data and return the system to working order
- Phishing scams: your customers could be tricked into giving up their personal information to hackers
The rise in the number of people working from home has increased the risk for cyberattacks. Remote work relies on cloud-based services, file sharing, and online meetings. The more your business operates online, the more likely it is to attract criminals searching the internet for easy targets.
According to Security Magazine, 58 percent of companies with less than 1,000 employees have experienced a security breach, and 67 percent have been the victim of a cyberattack. Dealing with the damage after the attack cost an average of $200,000. Some businesses cannot recover from such an attack either because the financial blow is too great, or their reputation has been ruined with their customer base.
What are Some Risk Factors for Cyberattacks?
When assessing your need for cyber security insurance the following factors should be considered:
- What type of sensitive information your business collects and if it is stored online or on computers
- The number of people who can access the stored data
- The number of employees using their personal devices for work
- The size of your customer base
- How much web interaction you have with your customers
- How much your business relies on confidentiality
- The amount of revenue and assets owned by your company
What Does Cyber Security Insurance Cover?
There are several types of cyber security insurance but the two most common are first-party and cyber liability insurance. First-party coverage will help your business recover from a cyberattack by covering costs related to:
- Investigative services
- Identity theft
- Data recovery
- Repairs to damaged computer systems
- Customer notification
- Network outages including loss of income
- Ransom payments
- Public relations to restore your business’s reputation
Cyber liability insurance protects your business against any lawsuits resulting from a cyber security breach including any costs related to:
- Regulatory fines – if your business was not compliant with security requirements
- Legal fees and settlement costs
Technology errors and omissions insurance, commonly referred to as E&O is something that you should consider if your small business provides technology products or services. Tech E&O covers incidents affecting third parties that are directly caused by an error on your part, such as a mistake in coding.
Some insurance companies offer data breach insurance geared specifically toward data theft incidents. As with any product, you should research how much coverage you need and what insurance policy is the best for your business. You may want a policy with blanket coverage or one that is more specific. It is also important to know exactly what terms and conditions will trigger coverage and if certain kinds of attacks are excluded so that when and if a cyberattack occurs you know what to expect.
Exclusions from Cyber Security Insurance
As with any types of insurance, not everything is covered by a cyber security insurance policy. Property damage from a cyberattack such as hardware that is left non-functional after an incident is not covered. Neither is any intellectual property that might be stolen, and the lost income associated with it. Small business owners with valuable intellectual property should have a separate intellectual property insurance policy.
Of course, any self-inflicted cyber incidents or crimes related to causing a cyber incident will not be covered by insurance.
How Can I Protect my Small Business from a Cyberattack?
Cyberattacks are increasingly common and small business owners must protect themselves against criminals who could invade from anywhere in the world. After getting the appropriate cyber security insurance, take these steps to reduce the risk of an attack at your company:
- Know how to recognize signs of a data breach – suspicious files, unusual behavior, unusual transmission of large amounts of data, etc.
- Use anti-virus, anti-malware, and vulnerability programs and keep them all up to date.
- Use data encryption to keep sensitive data safe and secure.
- Use multi-factor authentication whenever possible and especially for any remote access tools.
- Essential files should be securely backed up on a regular basis.
- Ensure that remote workers are following strict cybersecurity protocols.
- Change passwords after changes in personnel and when employees leave the company.
- Educate employees on avoiding phishing scams, malicious links, and other forms of cyberattacks. Establish a plan for what to do in the event of a data breach and designate a team to handle the response.
Check with your insurance provider to see if the cost of taking these protective measures is covered by your cybersecurity policy.
New Jersey Insurance Lawyers at Herold Law, P.A. Provide Experienced Counsel for Small Business Owners
Whether you need help choosing the right kind and amount of cyber security insurance or need help settling a dispute with your insurance company, the Warren insurance lawyers at Herold Law, P.A. can help you. To schedule a consultation with one of our experienced New Jersey insurance lawyers, call 908-647-1022 or contact us online. Located in Warren, New Jersey we proudly serve clients in Warren and Plainfield.