the 20's super simple guide to cyber insurance

The 20’s Super Simple Guide to Cyber Insurance

Part One: 4 Common Cyber Insurance Misconceptions

In this seven-part blog series, we provide a general overview of cyber insurance and its value for small and medium-sized businesses (SMBs), as well as cover specific topics within cybersecurity that are relevant to getting a good deal on a cyber policy for your organization. Our “Super Simple Guide” breaks down technical concepts in plain English to help business owners and IT decision-makers grasp the fundamentals and make more informed choices.

You’ve heard about cyber insurance, also referred to as “cyber risk insurance” or “cyber liability insurance,” but you’re not sure if it’s something your organization needs.

You know cybercrime is on the rise – and if you don’t, you will by the time you’re done reading this article – but cyber insurance is confusing, and more importantly, it costs money. Maybe you can get away with not having a cyber insurance policy. Then again, maybe not. There’s taking risks and then there’s being reckless.

This month, we’re pleased to introduce The 20’s Super Simple Guide to Cyber Insurance, where we break down the topic of cyber insurance in plain English. The guide consists of seven parts. In this first part, we’re introducing cyber insurance by clearing up 4 Common Misconceptions you might have about the topic.

The next 6 articles cover the following topics, all of which relate to cyber insurance in important ways:

 

    1. Compliance
    2. Encryption
    3. Scope of Data
    4. Multi-Factor Authentication
    5. Security
    6. Data Backup

 

IMPORTANT: This guide isn’t legal advice. It’s also not a substitute for working closely with a team of trusted IT experts to protect your business. The purpose of The 20’s Super Simple Guide to Cyber Insurance is to give you the lay of the land. We want to help you understand what cyber insurance is, why it’s important, and what sorts of things your business can do to control the costs of coverage and reduce the chances of claim denials.

Cyber Insurance Misconception #1: “Cybersecurity is IT’s job – not mine.”

While working with a reputable and experienced IT team can do wonders for your organization’s cyber defenses, even the best IT teams can’t eliminate every single risk (100% protection is an ideal, not an attainable goal). Moreover, robust cybersecurity practices aren’t always enough to protect your business: you can follow all the cybersecurity best practices and still get breached. The numbers don’t lie:

 

 

Cybercriminals have countless opportunities to break into your organization, and as Eric Cole states frankly in his book, Cyber Crisis: “It’s going to happen to you, if it hasn’t already.”

Bottom line: Even with the world’s best IT, cybercrime remains a serious threat. By purchasing cyber insurance for your business, you’re not preparing for the possible; you’re bracing for the inevitable.

Cyber Insurance Misconception #2: “Cybercrime only affects big companies”

Repeat the following until it’s seared into your brain:

“No business is ‘too small’ to be the target of cybercriminals.”

Threat actors are picking on SMBs more and more often because they know these smaller organizations tend to have weaker cybersecurity, making them ‘easy prey.’ Again, the numbers speak for themselves:

 

  • 94% of SMBs have experienced a cyberattack (this is a 64% increase from 2019!)
  • 46% of all cyberattacks target small businesses with 1,000 or fewer employees.
  • 75% of attacks targeted companies making less than $50 million in revenue.

 

Bottom line: If you think you don’t need cyber insurance because you believe cybercrime only affects large companies, think again.

Cyber Insurance Misconception #3: “Cyber insurance is too expensive”

The last thing you want is to add another expense to your business. You may be tempted to skip the insurance and let your IT handle everything, but that’s just a bad idea (see Misconception #1)

We aren’t going to sugarcoat it – cyber insurance can get pricy, but a $5,000 annual fee is a far cry from the average $217,000 cost of a data breach. Moreover, you have more options than you think, with prices changing based on based on various factors including your company’s size, the data you protect, annual revenue, and policy specifics.

Bottom line: You can tailor your cyber insurance to fit your budget. If you’re partnered with an MSP that has cybersecurity expertise, they can help guide you through ways to save money while securing this vital protection – we know we do this for our clients!

Cyber Insurance Misconception #4: “My business doesn’t need cyber insurance because we already have business liability insurance”

Don’t assume that your business’s general liability insurance will cover the costs associated with a cyber incident, because, generally speaking, it won’t.

In fact, a lot of carriers are now making sure to exclude cyber liability. These companies know how common cyberattacks have become, and simply don’t want to take on all that risk.

Bottom line: If your reason for not getting cyber insurance is that you already have business insurance, find another reason!

Summing Up

Cybercrime is real, and it’s here to stay. It happens much more than people realize, and the effects can be devastating. Moreover, businesses of ALL SIZES are targets, and robust cybersecurity practices aren’t always enough to keep your business safe.

Cyber insurance can provide an added layer of protection, as it can cover many of the costs associated with a cyber incident, including:

  • Notifying customers and other affected parties
  • Credit monitoring for affected parties
  • Investigating the cause of the breach
  • Minimizing reputational damages
  • Legal expenses (including compensation for affected parties who choose to sue your organization)
  • Regulatory penalties

The costs of a cyberattack are numerous and severe. And like any kind of insurance, you won’t need your cyber insurance until you do. But then, you’ll really need it.

What’s Next?

Next up, we’re covering a topic whose importance continues to grow: Cyber Insurance and Compliance. Keep an eye on our main blog page for when it goes live!