As cyberattacks continue to escalate and hit businesses of every size, more and more business leaders are looking for ways to limit an incident’s negative impact on their organization.
One way that many are doing that is through pursuing cyber liability insurance. Cyber insurance is a specialty type of insurance whose policies include coverage against damage from cyberattacks, including data loss, theft, hacking, or denial of service attacks. Similar to other types of insurance, it helps offset the costs of significant events, including audits, public relations, data recovery, investigations, and more.
For SMBs, the cost of a cyberattack can be particularly devastating. With the average cost of a data breach at $3.62 million, some estimates find that 60 percent of small businesses will be forced to close within 6 months of a cyberattack. As SMBs consider investing in cyber insurance to offset this risk, here are five things they should consider:
Increasing in popularity. More and more people have been turning to cyber insurance to mitigate the potential costs of an attack. As a result, the market has skyrocketed in recent years, growing from $6.15 billion in 2020 to more than $7.6 billion in 2021. It is only predicted to grow further, with estimates predicting it will reach $36.85 billion by 2028 at a Compound Annual Growth Rate (CAGR) of 25.3 percent.
What is typically covered. Cyber insurance will typically cover incidents that include network security and privacy liability, network business interruption, media, and errors and omissions. Under these categories, it may cover the costs for legal expenses, IT forensics, ransomware payments, data restoration, breach notifications, customer support, public relations, and other services.
Cyber insurance doesn’t cover everything. It’s not common for cyber insurance to cover items like loss of future profits, loss of value due to intellectual property theft, or costs to upgrade systems following an incident. However, what is ultimately covered and not covered varies significantly from policy to policy, so an SMB needs to review what is covered carefully.
Understand your policy. There are many different varieties of cyber insurance, so an SMB needs to read the fine print and know what is covered under their policy and what standards of protection they need to meet inside their organization to comply with the policy.
Payouts aren’t guaranteed. There have unfortunately been some examples of companies covered by a cyber insurance policy where insurance providers have denied a payout, often for failing to comply with basic security standards required within the policy. These may include utilizing basic cybersecurity protection technologies or other efforts.
Cyber risks aren’t going away any time soon, and if anything, they are only showing signs of increasing in the years to come. For that reason, an SMB should consider every tool at its disposal to limit risks to its business operations. In doing that, the SMB is serving the best interests of their employees and customers for the long term.