As more small businesses adopt digital technologies and support a remote work environment, the number of entry points for a cyberattack are also on the rise. Bad actors have become more sophisticated, better at targeting, and more successful at wreaking havoc on companies of all sizes. Yet, studies show many small business owners still believe they are either not large enough to be a target, or can handle a cyber event with little to no disruption.
Cyberattacks are one of the fastest growing threats to small businesses in the U.S. It is estimated that 43 percent of all data breaches involve small and medium-sized businesses, most of which are not financially prepared for such attacks. This reality presents independent insurance agents with an opportunity to help protect business clients, and also to further their reputations as trusted solution providers.
Beyond a BOP
Most small- to mid-size business leaders don’t believe they will be targeted by cyber criminals. Those who do recognize some level of risk believe they’re covered because their business owners policy (BOP) includes cyber coverage.
But BOPs are far from adequate. They usually have only a $10,000 limit for data breach coverage and $25,000 for cyber liability, which is not sufficient for many breaches.
Cost estimates for cyber-attacks on small businesses vary, with the average financial cost ranging from $25,000 into the millions. Regardless of the final tally, the damage to small businesses can be catastrophic.
Cyber coverage should protect business owners if a data breach exposes confidential client or vendor information. This includes the costs to notify those (customers, vendors, etc.) whose information was involved in the breach, establish a call center for breach victims, restore data, replace equipment (as necessary), hire a public relations firm to manage the resulting business reputation damage, hire experts to determine how the breach occurred (often required by state or local law), and pay for credit monitoring, as well as other costs.
Cyber liability coverage is also key. This applies to the policyholder’s liability for damages that result from the breach – typically involving the theft of data stored by the policyholder. Small businesses should have coverage in the event assets are stolen from their bank accounts, a loss which may not be covered by the bank if the account holder is proven to be negligent in preventing the attack. Policyholders should also be covered for situations where a delay in the policyholder’s disclosure of a cybercrime occurs.
Additionally, there is the cost to the reputation of a small business that has its clients’ data breached. That cost is difficult to quantify. It can mean a significant loss of income due to trust erosion, and in some cases, the end of the business entirely as customers look for safer stewards of their data.
Finally, policies should offer professional liability protection should clients, vendors or anyone else impacted by the breach claim negligence by the small business. Such claims can result in large monetary awards granted through the courts.
Endorsements vs. Separate Cyber Policies
While a data breach or cyber security endorsement can expand existing coverage and offer a more attractive cost structure, these endorsements run the risk of being inadequate.
Specifically, endorsements can fall short because they are frequently designed to address only third-party claims that place liability on the policyholder. Stand-alone cyber insurance coverages may be a more costly up-front investment; however, they offer far greater coverage for the issues mentioned here.
Consider that In October, 2021, the Identity Theft Resource Center reported a 20 percent rise in the total number of cyberattack-related data breach events in the U.S., compared to 2020, which had set its own record for cyberattacks.
By ensuring clients have the right coverage based on their needs and potential exposure, independent agents can offer small businesses a path to help navigate a rising trend of cyber breach risks.