4 Key Questions to Assess Your Cyber Risks
If your business takes credit cards or stores sensitive customer information, it is a good idea to get cybersecurity insurance that covers the liability from online threats.
You’ve probably seen the headlines of large companies suffering hacking incidents or data breaches, facing hefty lawsuits and PR nightmares for losing sensitive information. But small businesses aren’t immune, either. A report from the Better Business Bureau in 2017 stated that when it comes to small businesses, the overall annual loss was estimated at almost $80,000 on average.
That’s why more and more insurance companies are offering cybersecurity insurance to protect you and your business in case of a data breach.
In today’s increasingly digital world, there are serious risks to small businesses that handle sensitive data. Read on to see if cybersecurity insurance is right for your business.
1. What is Cybersecurity Insurance?
Cybersecurity insurance is still relatively new in the insurance world, considering the technology-oriented situations that it covers. In a nutshell, cybersecurity insurance can cover a wide range of claims related to the security of information, including the loss of sensitive information through data or network breaches, hacking, phishing or even the theft of an employee’s laptop or phone.
Such information can include credit card numbers, Social Security numbers, account numbers, health records, driver’s license numbers and passwords. Losing or compromising any of that information through a breach could result in costly legal issues for you and your business, and cybersecurity insurance could help recoup such costs.
2. Do I Need Cybersecurity Insurance?
Cybersecurity insurance isn’t mandatory, but it can be an important protection to you and your business in the following cases.
- Your business collects, stores or handles confidential data, such as customer payment, credit, medical, identification or bank account information.
- Your business stores customer names, email addresses, physical addresses or phone numbers electronically.
- Your business accepts credit cards or other types of digital payment.
- You or your employees use networked computers and mobile devices for record-keeping.
Retailers, IT companies, insurance agents, healthcare providers, and financial professionals like accountants or tax preparers have especially become targets for hackers and data thieves. It can happen to any business big or small, so cybersecurity insurance is increasingly becoming a smart investment for entrepreneurs.
3. What Type of Cybersecurity Insurance Do I Need?
Insurance companies have developed two types of cyber risk insurance to protect businesses: first-party cyber liability and third-party cyber liability. First-party coverage protects against losses and damage to your business; this is the kind that most non-IT companies most often need, since it’s probably adequate to cover the data-related risks they face in their daily operation.
First-party coverage generally pays for the following costs.
- The cost of notifying clients in case data is compromised
- Acquiring credit-monitoring services for your business or for affected customers
Lost income as a result of a breach or unauthorized access, or lost income while dealing with the fallout of an incident
- The cost of public relations campaigns or marketing to restore your company’s reputation
- The cost to the business owner or employees in the case of identity theft
- Replacing electronic equipment damaged by cyber attacks
- In extreme cases, paying a cyber extortionist who holds important data hostage
Third-party cyber-liability insurance covers the company’s responsibility for customers’ data. It also covers the failure to stop the transmission of a virus or other malicious software, as well as losses caused by a company’s failure to provide adequate network security. IT companies, financial organizations, and other companies responsible for the safe storage of data (or the installation of a network, server, or software that stores data) might want third-party coverage in addition to first-party coverage to further protect themselves.
Third-party coverage generally pays for the following costs.
- Judgments against your business in lawsuits stemming from compromised data
- Attorney fees
- Fines or penalties from the government and regulatory groups
- Defense costs for going before regulatory boards
4. How Much Does Cybersecurity Insurance Cost?
Cybersecurity insurance costs can vary greatly depending on what coverages you need and how much risk your business faces. Small-business cyber-liability costs usually start in the $1,000 range for a $1 million coverage limit. Factors such as revenue and the volume and type of records a business manages may push that cost up to $7,500, while large businesses that handle vast amounts of data can pay tens of thousands of dollars annually.
To find the right coverage for your business, talk with a business insurance expert at AAA Washington Insurance Agency. Make sure to do your due diligence — almost every company is at risk of cyberattacks, and it’s always wise to protect your business.
– Written by Arnie Aurellano, last updated in January 2023.