Small and medium businesses may think they aren’t targets for these crippling cyber-attacks, but that’s far from the truth. Thankfully, there are steps SMBs can take to mitigate risk and survive future attacks. One major recommendation is to get cyber insurance. But is it worth it?
Cyber insurance is no longer just for major industry stakeholders and corporations. Small and medium businesses can benefit the most from relatively affordable cyber insurance premiums. We’ve crunched the numbers to highlight why your small business needs cyber insurance as a part of your cyber security strategy.
The Cost of a Cyber Breach
According to IBM, the average cost of a cyber breach is $4.24 million, which has increased 10% year-over-year (IBM). This includes an array of costs, many of which are unexpected and vary widely. Loss of billable hours, loss of equipment, and bringing in third-party breach response teams account for much of the cost.
However, to add to the headache, there could also be a ransom your business must pay to recover critical data. The average ransom payout is $111,605, even after paid third-party breach experts negotiate with the hackers. It doesn’t end there, though. It’s technically illegal to pay ransom directly to hackers; so, if you go this route, you must also pay brokerage fees for third-party specialists to transfer the ransom funds via cryptocurrency (Bank Info Security).
(Note though, if you are attacked via ransomware, you may have to pay the ransom out-of-pocket before getting reimbursed by your insurance provider.)
Finally, you must consider the cost of a compromised reputation and potential loss of future business. Even if your team survives the initial breach, the cost of a cyber breach can continue to grow due to these future expenses.
The Cost of Cyber Insurance
Annual cyber insurance premiums can vary widely for SMBs due to a number of variables. However, we have seen small businesses pay annual premiums anywhere from $2,000-$6,000. One of the biggest factors to consider is the level of risk your business carries. Improving your cyber security can potentially lower your premiums.
In fact, many insurance providers require certain security measures before you can receive or renew coverage. Some of those safety parameters could be:
- Multi-Factor Authentication for certain accounts
- Secure Data Backups
- Regular Employee Cyber Security Training
- Data Encryption
- A Completed Risk Assessment
The only way to get an exact price for cyber coverage is to reach out to an experienced cyber insurance provider. They will assess your business and a range of variables to determine a rate specifically for you.
What Does Cyber Insurance Cover?
It honestly depends on your policy. There are different types of cyber insurance, such as First-Party Coverage and Third-Party Coverage, as well as supplemental Ransomware and Cyber Crime coverage.
First-party expenses from a data breach could include:
- the cost of third-party breach response experts
- public relations expenses
- repairing damaged equipment
- recovering compromised data
- notifying affected customers
- identity recovery
Conversely, third-party costs include:
- legal fees and expenses
- settlements outside of court
- judgments, if liability is found
- other court fees and costs
Supplemental coverage and add-ons are available to cover your company’s specific needs. Some options include Ransomware and Cyber Crime coverage, as well as loss of billable hours or future business.
However, this is all dependent on your insurance policy, so check with your insurance provider or broker for the most accurate information. The cyber incident landscape is changing daily, so there are new policy add-ons available that may cover these sorts of stressors.
So…is it Worth it?
YES. The proof is in the numbers. Here at Fixed Fee IT, we highly recommend that all of our clients have cyber insurance coverage.
Throughout the years, the tech industry has proven that it’s always worth it to be proactive with cyber security measures. Migrating to the cloud, using strong passwords, and enabling Multi-Factor Authentication all help mitigate your risk of an attack. But none of that matters once hackers infiltrate your system. That’s what cyber insurance (and an incident response plan) is for.
Much like going to the dentist or getting your oil changed, cyber insurance is a necessary expense to keep you safe in the long run. With the uptick of devastating cyber-attacks on small businesses, you must prepare your business for when an attack occurs. 60% of small and medium businesses that are hacked go out of business within six months. Cyber insurance is one of the essential components of ensuring your company can financially survive one of these expensive attacks (Inc.com).
Sources:
Cost of a data breach report 2021. IBM. (n.d.). Retrieved December 7, 2021, from https://www.ibm.com/security/d….
Galvin, J. (2018, May 7). 60 percent of small businesses fold within 6 months of a cyber attack. Here’s how to protect yourself. Inc.com. Retrieved December 7, 2021, from https://www.inc.com/joe-galvin….
Schwartz, M. J., & Ross, R. (n.d.). Ransomware: Average business payout surges to $111,605. Bank Information Security. Retrieved December 7, 2021, from https://www.bankinfosecurity.c….