Small and mid-sized businesses are increasingly bearing the burden of cyber threats, as criminals consider them low-hanging fruits that often do not have the resources in place to mount a strong defense. Having a solid cyber insurance policy in place is key, along with understanding what exactly your policy covers.
A severe attack on a small company can incapacitate its ability to do business, and the expenses of getting operations back on track ― coupled with loss of goodwill ― can easily force many firms into bankruptcy. That’s why it’s important to not only have safeguards in place to avoid being compromised in the first place, but to also take out the proper insurance.
Unfortunately, with more data breaches hitting the news, one of the main concerns that executives have is if their insurance will cover the costs associated with recovering from an attack. Many business owners and executives worry whether the policies they have in place will be adequate in case they are hit by a breach.
If you are running a small or mid-sized company, do not underestimate the growing threat to your business.
Most common types of cyber threats
According to a survey by online insurance news service Advisen and Nationwide Insurance Co., the types of cyber losses mid-sized business incur are:
- Malicious breaches resulting in data losses, 52%
- Unintentional data disclosure by staff: 16%
- Physical loss or theft of data: 13%
- Network or website disruptions: 5%
- Phishing, spoofing and social engineering: 5%
- Other: 9%
Insurance concerns
One of the chief concerns for executives is any overlap or gaps between their property, liability, crime and cyber policies when it comes to covering the costs of recovering from an attack, according to the report by Advisen and Nationwide.
Some companies feel they don’t need cyber coverage because they believe their property and liability policies will cover any related losses.
Here are some of the main findings:
- 95% of respondents named data breach as the number-one risk they expect to be covered by a cyber insurance policy.
- 94.5% said they expected cyber-related business interruption to be covered by a cyber policy.
- 89% said they expect their cyber policy to cover cyber extortion or ransom demands.
- 36% said they have cyber-related property damage/bodily injury coverage under another policy, reflecting the belief that some coverage for cyber-related losses can be found under traditional policies.
- 60% of respondents said they are concerned about perceived gaps and overlaps in their insurance coverage.
For funds-transfer fraud losses, the majority of respondents believed coverage should be found under the crime policy, but also stated they would like to be able to recover under both crime and cyber policies ― or have separate policies with higher limits.
These findings show that businesses are seeking clearer differentiation between cyber and traditional policies, and an understanding of which events are insured and which are not.
The takeaway
One thing to be aware of is that since cyber insurance is a new and still evolving product, all policies do not cover the same thing. That’s why it’s important for businesses to weigh their choices carefully with our guidance.
While the cyber threat has grown, more insurers have also changed language in their property and liability policies to limit coverage of cyber events.
Typical property insurance policies offered higher limits for business interruption for covered property damage. And because of the high costs associated with a data loss, more executives want to see similar limits for business interruption coverage on their cyber stand-alone policies.
This market demand may drive insurers to refine their cyber insurance policies, including increasing cyber-related business interruption limits up to the level of standard property forms, according to the report.
It’s important that when shopping for a cyber policy, you work closely with us to find the one that best fits your needs. We can help you evaluate your risks and coverages and identify any gaps by looking at your existing policies.