fbpx
Powered by rate.com

Does my business need cybersecurity insurance?

by Jennifer Phillips by Dominic Tassi
SVP, Operations
Updated: March 5, 2024
Business

Summary

Small and medium-sized businesses are often targeted by cybercriminals. This is because they are less likely to invest in expensive security upgrades. As a result, they are vulnerable to cyberattacks.

  • Cyber liability insurance can protect companies from losses associated with cyberattacks or data breaches
    Cyber liability insurance can help your business recover from an attack

During the spring of 2021, the public became aware of a ransomware attack on Colonial Pipeline. The company delivers gasoline to Southeastern states. The ransomware attack stopped operations, causing a gasoline shortage in some states.

The public paid attention to this story because it quickly affected gas prices. Many people wondered how often these crimes occur as a result.

Unfortunately, this type of attack is not rare. Cybercrime is becoming more common. Ransomware is a type of cybercrime where hackers take control of a company’s systems and demand payment to release them.

There are a number of myths surrounding cybercrime and how it impacts small businesses. Let’s debunk myths and explain how cybersecurity insurance can protect your small business.

Do you already know that you need a quote for business insurance? Contact the team at Guaranteed Rate Insurance today and get the quote you need!

Get your free quote and see if you could save

Myth #1: Small businesses aren’t a target

Fact: Any business, large or small, can be a target for hackers. In fact, small and medium-sized businesses are targets for hackers specifically because they are less likely to dedicate the resources and money necessary to keep both hardware and software up to date to prevent hacks.

Hackers know this, and so smaller businesses are a prime target. In simple terms, criminals target places with the least protection. This applies to both physical crimes like car theft and digital crimes like cyberattacks.

If your business uses email, operates in the cloud, has a bank account, stores sensitive personal data – such as social security numbers or health information, for employees or customers – or processes credit cards, the business could be at risk.

Myth #2: As long as you update your software, you’ll be safe

Fact: While updating your software is important, it might not be enough to protect you. Cybercriminals have developed very sophisticated processes for gaining access to business systems.

In the entertainment industry, hackers often sit in front of computers writing code to bypass corporate software systems. Businesses commonly face risks from these tactics.

Phishing

Phishing is designed to trick an email recipient into either disclosing private information, or downloading malware. Cybercriminals are good at making emails look like they’re from real sources, like banks or vendors. These types of emails frequently ask recipients to click a link to verify login or account information.

Spear-phishing

“Spear phishing” takes phishing to a more sophisticated level. Hackers will target specific people within a company or organization. It’s usually a person with access to sensitive information such as banking or private employee data. Emails to this person may appear to come from someone who it would be difficult for an employee to say no to, such as a CEO or owner.

In spear-phishing, criminals trick people into giving them information by pretending to need help. They take advantage of the person’s willingness to assist.

SMS-phishing

“Smishing” scams are text messaging scams designed to install spyware on a mobile device. These are also sometimes called link scams.

Once a criminal has used one of these techniques to access the sensitive or critical systems in your business, they can install what is known as ransomware.

Ransomware typically will lock legitimate users out of a system, encrypting the data. Then cybercriminals demand payment for the encryption key. They will hold the computer system for ransom until they are paid. Of course, there’s no guarantee that they will provide the key once receiving payment.

Myth #3: Cybercrime is rare

Fact: Cybercrimes against businesses are depressingly common and the numbers are rising. Typically, we only hear about these types of crimes on the news when they are either very large breaches affecting many people, or when the disruption impacts our daily lives, such as gas prices rising in the wake of the Colonial Pipeline incident. But the fact is these crimes are happening with astonishing frequency and the problem is growing.

Myth #4: It’s expensive to protect yourself from cyberthreats

Fact: If you add in the cost of lost customers and reputation, it’s probably far more expensive not to protect your business. Businesses can take steps right now to better protect against cyber intrusions. Some of these steps are surprisingly affordable—some are even free.

Strengthen passwords

Cybersecurity experts continually point to weak passwords as a problem, and no wonder. Look up some of the most frequently used passwords and you’ll find examples such as: “123456” and “password.”

Button down your document control

Cybercriminals don’t just exist in faraway places. Some breaches start right in the office from lax behaviors such as passwords written on post-it notes tacked up to screens.

Restrict web browsing and update browsers to the latest versions

The internet is helpful for business, but allowing employees to visit any website can make your systems at risk. Some sites are full of malware that can end up on your computers.

Train your employees to recognize suspicious activity

Engaging in employee cybersecurity training might be the most important item on this list. As noted above, criminals are always evolving their tactics. Tricking your employees is one of the fastest ways to access your systems.

Anyone can be vulnerable, so make sure that every employee you have knows what to look for. It only takes one click of one link in what appeared to be a legitimate email to compromise your systems.

What is Cyber Liability Insurance?

Cyber liability insurance is business insurance to protect your company from the financial losses associated with a data breach or other types of cyberattacks. As noted earlier, almost every business presents some level of risk for cybercrime.

Talk to your insurance agent about your business’s risk level for cybercrime.

What can cyber liability insurance cover?

Recovering from a data breach or ransomware attack can be expensive. Depending on what type of information was lost, recovering from an attack can take a long time. Customers or vendors may sue if they believe the cyberattack happened because the business was careless. This could lead to legal action against the company.

These are the types of expenses that cyber liability insurance is designed to help cover.

There are two primary types of coverage: first-party cyber coverage and third-party cyber coverage.

First-party cyber liability

This type of insurance offers protection against losses that directly relate to your business. For example, if your company is victim to a ransomware attack, first-party coverage can cover the extortion payments and the cost of the investigation.

Third-party cyber liability

This type of coverage protects your business from the costs associated with any resulting lawsuits from vendors or customers that arise after a breach or ransomware attack.

How much does cyber liability insurance for businesses cost?

Unfortunately, because cybercrime is growing and costs to recover are soaring, premiums for this type of coverage are rising. The amount and type of coverage you need, along with the risk your business faces, will impact how much you will need to pay for cyber liability insurance.

Get your free quote and see if you could save

How can I get a quote for business insurance?

Your business can and should take steps to reduce your risk of a cyberattack or data breach. Train staff, update technology, and use extra security like multi factor authentication when you can. Talk to your agent or schedule a risk consultation with an experienced small business insurance agent today.

Disclaimer: 

All information provided in this publication is for informational and educational purposes only, and in no way is any of the content contained herein to be construed as financial, investment, or legal advice or instruction.

Guaranteed Rate Insurance does not guarantee the quality, accuracy, completeness or timelines of the information in this publication. While efforts are made to verify the information provided, the information should not be assumed to be error free.

Some information in the publication may have been provided by third parties and has not necessarily been verified by Guaranteed Rate Insurance. Guaranteed Rate Insurance, its affiliates and subsidiaries do not assume any liability for the information contained herein, be it direct, indirect, consequential, special, or exemplary, or other damages whatsoever and howsoever caused, arising out of or in connection with the use of this publication or in reliance on the information, including any personal or pecuniary loss, whether the action is in contract, tort (including negligence) or other tortious action.

Jennifer Phillips
Author

Jen is a freelance writer who writes about insurance topics including home, auto, and life insurance and insurance carriers. She provides insights about insurance to help customers make informed decisions about their insurance.

Dominic Tassi
SVP, Operations

Dominic Tassi has over 12 years of insurance experience and has been with Guaranteed Rate Insurance for over 10 years. Dominic graduated from Iowa State University, double majoring in Finance and International Business. Furthering his education, he received his master's degree from Write Graduate University in Transformational Leadership and Coaching.