The numbers should frighten any small business owner: According to a study released in October by the National Cyber Security Alliance, 28% of surveyed small businesses suffered an official data breach during the 12 months preceding the alliance’s research.
And when small businesses experience a data breach that exposes the personal and financial information of their customers? The results are often dire.
The alliance said that 69% of small businesses went offline for a limited time following a data breach and 37% suffered a financial loss. Even worse, 25% of small businesses filed for bankruptcy after a breach while 10% went out of business.
To protect themselves, then, business owners need to invest in a cyber liability insurance policy. Such a policy covers financial losses stemming from data breaches and other online events. If a cybercriminal steals your customers’ Social Security Numbers or passwords and sells them on the Dark Web? A cyber liability policy will protect you. If one of your employees disparages a rival business on social media and that business sues? A cyber liability policy will help cover the costs of defending yourself.
And, yes, cyber insurance isn’t free. It’s yet another cost involved in running a small business. But skimping on a policy can cost you. AppRiver found in its third-quarter Cyberthreat Index for Business Survey that it costs small or medium businesses an average of $149,000 to recover from a data breach.
Why your business needs cyber liability insurance
Say you discover that the personal and financial information of your customers has been exposed in a data breach. What happens next?
You’ll first have to determine what data has been exposed. Have criminals stolen Social Security numbers or bank account information? Or have they stolen the birthdates, passwords or addresses of your customers?
You’ll next have to contact those customers whose information has been stolen. And you’ll have to make sure to follow state and federal regulations regarding notifications while doing so.
You’ll need to hire technicians or rely on in-house staff, to restore your business’ computer systems and recover any information that was stolen. You’ll certainly need legal advice, too. Those customers whose information has been exposed might sue your business.
You might even need to invest in a public relations campaign to help restore your business’ reputation and ensure customers that you’ve taken steps to prevent another data breach from occurring.
None of this is cheap. The costs involved in recovering from a cybercrime could devastate your business’ budget for the year. It could even force you to close.
Investing in a cyber insurance policy can help you cover these expenses and keep your small business open, and luckily a number of companies offer policies, such as Travelers Insurance, Chubb Corp., American International Group, Hartford Insurance and CAN, as outlined in a report by insuranceQuotes.com.
What you should consider when shopping for cyber liability insurance?
Once you’ve made the decision to invest in cyber liability insurance, you’ll need to find the policy that best fits your business. This will take some research on your part.
Start by looking at your business. What personal and financial information do you collect from your customers? The more valuable that information — such as Social Security numbers, birth dates and credit card numbers — the more important it is to invest in a strong cyber insurance policy.
You’ll also need to research any policy you might purchase, to make sure it provides adequate compensation should a data breach or cyberattack disrupt your business.
For instance, you want to be certain that your cyber liability insurance pays for remediation services.
What are these services? After your business suffers a data breach, you’ll need to pay security experts to clean your computers of any malware or viruses. You’ll also want security experts to restore your infected computers and build a stronger layer of security to protect you from additional cybercrimes.
These services are costly. A cyber insurance policy can help cover these costs for you so that your business will be better prepared to fend off cybercrimes in the future. Without a policy, you might not be able to afford these services without taking a serious bite out of your company’s yearly profits.
Business continuity coverage is another key provision that your cyber liability policy should include. This coverage will reimburse you for any losses you suffer if your small business needs to shut down, even for a brief period, after a data breach or cybercrime.
Say you need to shut down your medical records business or financial planning company for two weeks while your computer systems are scrubbed and restored. The business continuity coverage of your cyber liability insurance policy will reimburse for you the lost business you suffered during this period.
This coverage could be a key factor in whether your business turns a profit in the year of a cyberattack or even stays open.
Your policy should also cover the costs of recovering from an attack or breach. After a data breach, you’ll need to contact any customers whose personal or financial information was exposed. Make sure your cyber liability policy covers the cost of reaching out to customers, providing them with free credit-monitoring services — as many businesses do after a data breach — or even setting up a call center to handle calls from impacted clients.
Depending on the severity of your business’ data breach or cyberattack, its reputation might suffer, too. Potential customers might be hesitant to do business with you for fear that their personal information might be exposed or stolen.
A cyber liability policy should reimburse your business for the costs of rebuilding its reputation. You might need to hire a public-relations firm to rebuild your brand. You might also need to rework your company’s marketing materials to emphasize the steps you’ve taken to protect customers’ information. A good cyber policy will cover the costs involved in these marketing efforts.
And you’ll certainly need reimbursement for legal expenses. It can be costly to defend yourself against lawsuits brought on by customers whose information was exposed or stolen. These legal costs could be enough to shut down your business.
That’s why you want to invest in a cyber liability insurance policy that covers the costs of defending yourself from lawsuits. This protection could mean the difference between your business surviving or shutting its doors.
What rules should you follow?
Taking out a cyber liability insurance policy is just the first step in securing the financial protection your business will need if it suffers a data breach. You must also read your policy’s fine print to make sure you’re taking all the steps necessary to keep that policy in effect.
Every cyber policy is different. Some might require that your business undergo regular cybersecurity audits, in which tech professionals review your business’ computers and operating systems to make sure they are fully protected by security software.
Other policies might require that you regularly update the anti-virus programs on your computers. Others might state that you must back up your business’ key data.
If your policies have such regulations and you don’t follow them? You might not receive financial compensation after a cyberattack or data breach. Make sure, then, that you know exactly what your policy requires of you and your business.
What other steps should you take to protect your small business?
Investing in a cyber liability insurance policy is an important step in protecting your business from hackers and data breaches. But it’s not the only one. There are other steps you should take to help keep your customers’ personal and financial information safe.
First, install the latest security software on your computer systems. This software will help keep malware and viruses away from your computers and provide an additional layer of protection for your business’ most sensitive data.
Secondly, train your employees on how to recognize phishing attacks and other scams. Criminals often nab personal and financial information by tricking employees into giving it up voluntarily. Some criminals will pose as high-ranking officials at a business and send email messages seeking key information from a business. Your workers, thinking they are following the directives of one of their bosses, might happily give up that information.
Others will trick employees into clicking on links that install malicious software on your company’s computers. Still, other cybercriminals will use email messages to persuade your business’ employees to send the financial information of customers directly to them.
The best way to protect your business? Train your employees to recognize possible scams or cyberattacks, protect your computers and operating systems with security software and invest in a cyber liability insurance program. Anything less and you’re putting your business and it’s future at risk.