Cyber Insurance Coverage for Small Businesses

I am reading more stories about small businesses being the victims of cybercrime, most often in the form of hacking and data breaches. Small businesses are targets of cyberthieves because they often have no network security or limited network security, while most large businesses have security and procedures in place to prevent unauthorized network intrusions.

Small businesses often lack the resources and time to implement security. In January, I did a blog post with recommendations that small business owners can use to enhance the network security for their business and prevent cyberattacks. In addition to putting together a plan, it is also important that small businesses protect themselves by considering a cybersecurity insurance policy. These policies are designed to help businesses mitigate risk exposure by covering not only the costs of a data breach but also the costs of recovering from a security breach or similar event.

Here are some reasons why cyber insurance is a good idea for small businesses:

Most states have data breach statutes that dictate how companies are required to respond, and those responses will cost money to implement. Cyber insurance will cover those costs.

All businesses, regardless of the size, that save the personal information of customers, employees, or other third parties are a potential target for cybercriminals.  These criminals are looking for personal information that they can easily steal so they can use it for identity theft.

The insurance will protect a small business from suffering financial distress in the event of an attack.

When looking for cyber insurance, be sure to look for policies that cover the following:

The cost of a forensic investigation. This investigation will determine what happened, the extent of the damage to the business from the intrusion, and what steps are needed to correct the damage, and it gives insight into preventing an attack from happening again.

The financial impact to the business.  These costs arise from a computer network being offline, the business operations being interrupted, the recovery of lost data, and the work to repair damage to a brand or the business’s reputation.

The costs of notifying victims.  These are the costs related to notifying customers, employees, or other third parties that their personal information may have been stolen and providing credit monitoring to these groups. 

The costs arising from litigation or fines. Your business can be held liable for losses customers and other third parties may experience from a cyberattack, and it is important to have a policy that covers legal expenses in the event of lawsuits, legal settlements, and/or any fines that may result from the intrusion.

Extortion from ransomware. Ransomware is malicious software that infects computer systems and encrypts files. The thieves will only decrypt the files if a payment is made. Look for a policy that will cover these costs.