You’ve all heard the stats – small businesses are the #1 target for cybercriminals because they’re easy targets, with a recent article in Security Magazine reporting that nearly two-thirds (63%) of small businesses have experienced a cyberattack and 58% an actual breach. But what many still don’t understand (or simply don’t appreciate) is how much a cyberattack can cost you.
That’s why one of the fastest-growing categories in insurance is cyber liability. Cyber liability covers the massive costs associated with a breach, which may include the following, depending on your policy:
- Legal fees to handle any number of lawsuits, including class action litigation against your organization, as well as fines and penalties incurred by a regulatory investigation by government and law enforcement agencies.
- Negotiation and payment of a ransomware demand.
- Data restoration and emergency IT fees to recover your network and get it operational again.
- Customer notifications and credit and identity theft monitoring for clients and employees.
- Public relations expertise and call center costs for taking inbound calls and questions.
- Loss of revenue related to being unable to transact; if your operations and data are frozen, you might not be able to process sales and deliver goods and services for days or weeks.
- Errors and omissions to cover liability related to a failure to perform and deliver services to customers, as well as allegations of negligence in protecting your customers’ data.
But here’s what you need to know: In order to get coverage, businesses are required by insurance companies to implement much more robust and comprehensive cyber protection. Obviously, the insurers want the companies they are underwriting to reduce the chances and the overall financial impact of a devastating cyberattack, so they don’t have to pay out – and this is where you need to pay attention.
MANY business owners are signing (verifying) that they DO have such policies and protections in place, such as 2FA, a strength of password requirement, employee awareness training, data recovery and backups, but aren’t actually implementing them because they assume their IT company or person knows this and is doing what is outlined in the policy. Not so in many cases.
Unless cyber security is your area of expertise, it’s very easy for you to misrepresent and make false statements in the application for insurance, which can lead to your being denied coverage in the event of an attack and having your policy rescinded.
If you have cyber liability or similar insurance policies in place, I urge you to revisit the application you completed with your IT person or company to make absolutely certain they are doing everything you represented and affirmed you are doing. Your insurance agent or broker should be willing to assist you with this process since your IT company or person cannot be expected to be an insurance professional who knows how to interpret the legal requirements outlined.
What’s critical here is that you work with your IT company or person to ensure 100% compliance with the security standards, protocols and protections you agreed to and verified having in place when you applied for coverage. IF A BREACH HAPPENS, your insurance provider will NOT just cut you a check. They will conduct an investigation to determine what happened and what caused the breach. They will want to see tangible evidence and documentation that proves the preventative measures you had in place to ward off cyberthreats. If it’s discovered that you failed to put in place the adequate preventative measures that you affirmed you had in place and would continue to maintain on your insurance application, your insurance company has every reason to deny your claim and coverage.
If you have ANY concerns over this, including whether or not you need coverage, whether your coverage is sufficient, and whether you are doing what you need to do to avoid an insurance denial, click here to schedule a quick consultation to discuss your current situation and to receive a referral to a cyber insurance expert we recommend.
Further, if you would like us to conduct a FREE Cybersecurity Risk Assessment to show just how secure and prepared you are for ransomware or a cyberattack, we can discuss that, too! Just click here to schedule a phone consultation.