While the breaches at Target, the IRS, Chipolte and others made the news during 2017, small business breaches were up over 40% between 2015 and 2016 and doesn’t show any signs of letting up.
Given that, here are some reasons why small businesses should have cyber risk insurance.
#1 – Small businesses do not have as sophisticated defenses as large businesses. As a result, small businesses are an easier target for the bad guys. Small businesses do not have a full time cyber security team and often outsource IT completely with no one really directing that outside vendor unless something breaks.
#2 – Small businesses collect large amounts of personal data from their customers. While business owners may disagree with this, the reality says that there is a lot of data. There is also a lot of internal sensitive data like company credit card and personnel information. When customer or internal sensitive data is taken, general liability insurance will not cover either the expenses or the losses. Small businesses also do not have the sophisticated applications that large businesses use to protect that sensitive data.
#3 – Often, after breaches come and go, what follows is lawsuits. While lawsuits may ultimately be dismissed, the costs involved in defending your company are expensive and the lawsuits are distracting, so, in many cases, companies choose to settle. Recently, Avmed settled for $3.1 million, Schnucks for $2.1 million and Vendini settled for $3 million. While such a settlement would be petty cash to Target, it is a large check to write for a small business. In addition to writing the settlement check, the company also has to pay for their defense and, in many cases, the other side’s offense. That is a lot of money for small businesses.
#4 – The only things certain are death …. and cyber breaches … to paraphrase an old expression. While the exact numbers are debatable, the source article for this post says that more than half of small and medium businesses are out of business within six months of a successful attack. If a small business cannot recover from a ransomware attack, it could be toast. Lets say that number is wrong and it is only 25% that fail after a cyber attack – that would be devastating to the owners and the employees. And even if the company stays in business, its ability to operate may be seriously impacted as a result of the distraction, expenses, customer defections and legal costs.
Right now cyber insurance is reasonably priced. Not free, but usually affordable. And, for companies that practice good cyber security practices, the rates are often lower than for companies that do not have an active cyber security program.
Could your company afford to write a million dollar check after a cyber breach?
In addition, the insurance companies offer preventative services for free and cyber incident response services from a variety of vendors at negotiated rates.
Information for this post came from NoPa$$iveIncome .