Most associate a business that is under attack with physical theft of products or assets. However, cybercrime is an extremely real and costly occurrence that takes place in the U.S. far more than you might think. A breach in sensitive business data can result in such a severe loss, the company may not be able to bounce back, or worse failing altogether. Aside from internet-based protection and internal forms of security, why is it that cyber liability insurance isn’t more common among small business owners?
You may see news reports of hackers targeting large conglomerates and institutions. But before you decide that your company is not big enough to be a victim of cybercrime, consider the fact that around two out of three small businesses have suffered a breach or attack in the last year.
Why You Should Take Notice of Cybercrime
The amount of cybercrime that occurs daily, in addition to the toll it takes on business owners and consumers alike is astounding. Cybercrime can range anywhere from malware and ransomware, to attacks on more severe levels, including identity theft and privacy violation. Cybercrime has a huge following and, as a whole, can rake in as much as $1.5 trillion a year, as it did in 2018. With the availability to attack anywhere internet access is present, hackers infiltrate computers and networks at a rate of one attack every 39 seconds.
The U.S. ranks sixth among the 12 countries who get hit the hardest when it comes to cyberattacks, but it doesn't stop there. Cybercrime is distributed across multiple platforms and can affect any business who may use them. One such platform is social media, which can make as much $3.25 billion a year through cybercrime. Attackers who focus on social media look at sites like Facebook, Google and Yahoo to steal passwords and gain access to personal and business information. After gathering passwords, attackers can view and store photos, messages and anything else that has been saved in or discussed through your account.
Email is another popular platform attackers like to target, as it can be easy to create social engineering tactics, such as phishing emails, to lead a business owner astray. Phishing emails can look authentic and seem as though they come from a legitimate sender. However, clicking on or submitting information to these emails can prove to be extremely damaging. A good way to avoid interacting with phishing emails is to delete them immediately or contact the sender to authenticate that it is a real email requesting your information. It's also important to note that companies with your sensitive information, such as hospitals and banks, are highly unlikely to ever request personal or financial information through your email.
A PCI assessment typically audits merchants who accept, process, store, or transmit credit card information. If a breach were to occur, a PCI assessment is done to validate any form of compliance with the Payment Card Industry Data Security Standard. Because data managed by businesses can be sensitive, PCI standards are strict and failure to meet those standards can result in fines from $5,000 to $10,000 from credit card companies. Further non-compliance with PCI can lead to an FTC audit.
Once hackers obtain valuable information, several events can occur afterward. Information collected regarding your own information, or your employees’ and customers’ information, often does not fall into the hands of just one person. Hackers can sell important information to others and give access to people across the world. They can also lock you out of your accounts and other essential programs and demand a ransom to get it back. In other cases, there is no motive for hackers to steal your information and may do so just because they can.
Ways to Prevent Cybercrime
Some prevention methods should be practiced more regularly on-site. For example, you should set strict access to accounts that house your billing, personal information or employee records – and make sure that the employees who do have access are given internal training on how to protect and properly use that information. Doing so can limit the access to these important accounts, lessening the chance for cyber criminals to gain access via carelessness by other members of your company. It's also essential to create strong passwords using upper and lowercase letters, numbers, symbols, or a mixture of all of the above. Another tip is to try not to use the same password across all platforms and software. Doing so only makes it easier for hackers to get ahold of your data across different entities. You should update and keep track of your passwords every 60 or 90 days, regularly back data, use anti-malware software with regular updates and use multifactor identification methods like security questions and PINs. You can even go as far as prohibiting smartphones or other smart devices from being used while employees are at work. Doing so can increase the level of safety and let your staff know how severe cybercrime is to your business.
Experiencing a breach in data can be extremely stressful and no one has a simple solution. From customer assurance and communication to investigation and further prevention, recovery is time-consuming and challenging to maneuver. In other words, do everything you can to save the identity of your company and your customers.
For What It's Worth
When it comes to how often cybercrime affects small businesses, about two out of every three small businesses have experienced some form of cybercrime. Further studies show that 60% of small companies go out of business within six months after suffering a breach of data. Not being able to bounce back is typically a result of the high cost to investigate or get information back combined with losing money in refunds if customer information or finances are stolen. Experiencing a breach in data can also result in a damaged reputation, a decrease in new business and loss of profit if you have to place your business on hold to address a security breach. All of these items create a formula for a takedown in what could be a potentially steady-earning business.
The costs associated with a cyber-attack can be overwhelming, so you should know them to reinforce the seriousness of not protecting your company and its assets. These costs can be broken down by "hard" and "soft costs."
Hard costs include getting a developer to repair the damage, cost of implementing new communication methods with your team while business is down and measures to move forward with a new host site, to name a few.
Soft costs may include loss of data and updated prevention methods. Costs to prevent a cyber-attack from happening ever again is no small amount of money. A study conducted by Ponemon showed that small businesses spent an average of $1.43 million to investigate and try to recover from cyber-attacks in 2018. Companies also experienced an average loss of $1.56 million as a result of having to pause business because of an attack.
Small Business Don't Have the Backup They Need
According to a recent survey conducted by the Cyber Readiness Institute (CRI), upwards of 60% of small businesses do not have a cyber-liability insurance policy, placing them at a huge risk if there was a breach in data. Despite the growing risk posed by cybercrime, many small business owners do not hold cyber-liability policies. Why? The main reason is relatively simple: many small business owners believe that the cost of having a cyber-liability policy does not outweigh the benefits. However, as you can see from the amount to be lost, this is just not true.
Another reason small business owners choose not to cover themselves when it comes to cybercrime is that they feel someone in IT can resolve any issues. The truth is a security breach can cause a variety of problems that may require the expertise of several professionals and not just one person who has a background in IT. Malicious codes, malware removal and discovering the source of the issue can all require several people to help recover and remove web issues. If your website is hacked and you rely on e-commerce for your business, it will take quite a bit of time, to get back up and running efficiently and effectively. The top ten websites most loved by hackers include WordPress, Joomla, Drupla, Magento, OpenCart, OsCommerce, PRestaShop, PHPBB, ModX and vBulletin. With over 400 million people who rely on WordPress, that is a ton of precious data to put at risk every day without coverage.
Despite the growing risk, there's good news for small business owners exposed to cybercrime as cyber liability is becoming more accessible and affordable than ever before. In a world where technology is king, this is big news for businesses who have held back from seeking the coverage because of budget strains. Similar to taking care of your storefront with traditional insurance, cyber liability coverage for small businesses is a worthy, long-term investment and can protect your business from going under after an attack.
Cyber Liability Insurance
Aside from investing in a comprehensive online security system for your business, it is highly recommended that you consider cyber liability just in case something does go wrong. As a small business owner, it's better to be safe than to risk it all.
Gallagher Affinity is the expert in the area of cyber liability and have created a highly effective program to protect your business from online hackers and thieves. You can even use this plan if you're an independent contractor.
- Easy Online Quote and Purchase Process
- "A-" Rated Admitted Insurance Carrier
- Access to 24/7/365 Breach Response Line
- Broad Coverage Options for:
- Cyber Hacking
- Data Breaches / Lost Information
- Disclosure of Private / Confidential Information
- Defense / Legal Costs
- Regulatory Claims and Penalties
- Multimedia Liability
- Cyber Crime and Extortion
Our program can cover first-party expenses such as breach response costs, credit notification costs, monitoring services for up to a year, forensic analysis, PR consultant, cyber extortion and loss from business interruptions. We can also help cover third-party expenses, including claims regarding costs and damages due to violations of privacy law or regulation and multimedia library claims, which infringe on your business due to copyright issues and defamation. Other third-party expenses might include regulatory fines and penalties, compensatory payments and PCI assessments.
We can get you covered and help ease the burden from the aftermath of a cyber-attack in just a few short steps. You can even request a quote online and get an answer in minutes. Gallagher Affinity is capable of guiding you through the ins and outs of your cybersecurity policy. We believe in the power of knowledge and informing those everywhere that proper coverage is not only easy to find but can also be affordable. We have licensed customer care reps, top-rated carriers and online applications to save you and your business time as you enroll for new coverage. We can even provide proof of insurance in just a few minutes to help keep you confident and on the right track.
When it comes to your business, there's no room to gamble. In addition to making sure you do what you can to protect yourself from the inside, getting cyber liability insurance can help put your mind at ease so that you can continue to focus on managing and operating your business as you need to. With a new web page getting hacked every second, the time is now to look into what you can do to cover your business even more. Online hackers won't wait, and you shouldn't either. Ensure the financial health of your business and contact us for more information on cyber liability coverage for your small business.
Joseph Peters, Account Executive
Phone: (941) 757-0030
Joe is currently in a leadership role for business development for Gallagher Affinity. After an extensive sales career, Joe switched industries to join Gallagher Affinity in 2011. After obtaining a 2-20 General Lines P&C license, he lead a new sales venture that quickly grew a Professional Liability book of business to over $1,000,000 and continues to grow today. With a focus on risk management, he has provided peace of mind and security to his clients. As a student-athlete at Hilbert College, Joe was able to transition his leadership skills to business.