Small and mid-sized businesses are increasingly being targeted for cyber attacks, as criminals consider them low-hanging fruit that often lacks the resources to mount a strong defense.
A severe attack on a small company can incapacitate its ability to do business, and the expenses of getting operations back on track — coupled with loss of goodwill — can easily force many firms into bankruptcy. That’s why it’s important to not only have safeguards in place to avoid being compromised in the first place, but to also take out cyber insurance.
If you are running a small or mid-sized company, do not underestimate the growing threat to your business. Hiscox’s “2019 Cyber Readiness Report” estimated that cyber-security incidents would cost businesses over $5 trillion within the next five years alone.
According to a survey by online insurance news service Advisen and Nationwide Insurance Co., the types of cyber losses mid-sized businesses incur are:
- Malicious breaches resulting in data losses: 52%
- Unintentional data disclosure by staff: 16%
- Physical loss or theft of data: 13%
- Network or website disruptions: 5%
- Phishing, spoofing and social engineering: 5%
- Other: 9%
Cyber insurance
Some companies feel they don’t need cyber coverage because they believe their property and liability policies will cover any related losses. They are mistaken. For costs associated with a cyber attack or a network failure, the standard property or liability policy will come up short.
Fortunately, there is cyber insurance. There are a number of different policies from various insurance companies that provide different levels of coverage.
That’s why it’s important for businesses to weigh their choices carefully with our guidance.
Generally, cyber insurance is designed to protect your company in five areas:
1. Network security
This aspect of cyber insurance covers your business in the event of a network security failure, which can include a data breach, malware infection, cyber extortion demand, ransomware or business e-mail compromise.
Network security coverage will reimburse you for expenses that you incur as a result of the cyber incident, including:
- Legal expenses
- IT forensics
- Negotiation and payment of a ransomware demand
- Data restoration
- Breach notification to consumers
- Setting up a call center
- Public relations expertise
- Credit monitoring and identity restoration
2. Privacy liability
Privacy liability coverage protects your company from liabilities that stem from a cyber incident or privacy law violation. This usually arises when a third party’s personally identifiable information that your company stores has been compromised.
These third-party costs can arise, for example, from liabilities under a contractual obligation, as well as from regulatory fines or penalties levied by government agencies.
3. Network business interruption
Network business interruption coverage kicks in if a cyber incident leaves your company fully or partially unable to operate.
For example, if your network goes down due to a cyber event, the insurance will pay for your lost profits, expenses and extra costs incurred during the time your business was interrupted.
Cyber incidents that may cause business interruption include:
- System compromised by an outside party.
- System failure, such as a failed software patch or human error.
4. Media liability
This coverage pays for costs related to intellectual property infringement, other than patent infringement, resulting from the advertising of your services.
It often applies to both your online advertising, including social media posts, and your printed advertising.
5. Errors and omissions
One of the most concerning results of having your network compromised is the possibility of your organization not being able to fulfill its contractual obligations and deliver services to your customers.
The errors and omissions portion of a cyber policy will cover claims arising from errors in the performance of or failure to perform your services.
This can include technology services, like software and consulting, or more traditional professional services, such as those provided by lawyers, doctors, architects and engineers.