Courtesy of NBT Insurance
By Tucker Lounsbury
Cyberattacks on small- and medium-sized businesses (SMB) continue to rise and will only intensify over the next few years. With the increased prevalence and cost of attacks, the absence of a safety net like cyber insurance is no longer an option SMBs can afford.
Assessing The Threat
Ransomware is one of the most common forms of hacking and includes the cybercriminal holding files or devices hostage in exchange for payment. Unfortunately, bad actors know that SMBs, in general, are less likely to have the full spectrum of safeguards in place, leaving them particularly vulnerable to this growing threat.
According to Astra, ransomware attacks have risen by 13 percent in the past five years, with an average cost of $1.85 million per incident. By 2031, it is predicted that a ransomware attack will happen every two seconds.
While training employees and requiring measures like strong passwords, regular password resets and multi-factor authentication are critical lines of defense, these steps are no longer enough.
Establishing a Safety Net
As an added layer of security, businesses large and small should invest in appropriate cyber liability and modern crime insurance policies. Cyber insurance typically refers to two forms of critical coverage: privacy exposures, which covers third party liability if personal information is stolen or compromised; and related first party expense coverage, which helps businesses mitigate the costs of damages and recovery resulting from a cyber-attack, which can be very costly. Modern crime policies protect physical theft of money that might be the focus of the bad actors targeting business networks.
The vast majority of businesses cannot effectively recover from cyber-attacks without the incident response expertise, breach management services and financial security that these insurance policies provide. Increasingly, businesses and other entities are requiring vendors to carry this type of insurance before entering into or renewing contracts.
Businesses should essentially consider this type of protection the same way as other ‘must-haves’ of doing business, such as property insurance, general liability insurance and workers’ compensation.
Cyber insurance has a reputation of being expensive – even cost-prohibitive. But rates have come down in recent years as most SMB have invested in cyber risk management and related security tools. The cost of a cyber insurance policy is a small price to pay compared to the potential financial and reputational losses resulting from an uncovered cyber-attack.
When considering coverage, businesses can expect insurance carriers to evaluate the nature of the business and corresponding risk and hazard level; security infrastructure, in-house (firewalls, security software, policies and procedures) and outside (vendor/third-party risk); data sensitivity and volume; and other factors to determine the most appropriate coverage options and pricing.
In today’s digital age, the threat posed by bad actors is ever-present and constantly evolving. No business, regardless of size or industry, is immune to these risks. Investing in cybersecurity and crime insurance is not just a precaution—it’s a necessity.