Back to Blog

Cyber Attack Insurance FAQs

By: Lisa DoVale-Fonseca, CISR, CRIS, PWCAM

I’m passionate about providing the best possible experience I can for my clients. Lisa has worked in the insurance industry for over 30 years.

Cyber attacks on small businesses aren't always this obviousUPDATE: The COVID-19 pandemic has increased the risk of cyber attacks on organizations of all sizes, especially as some 56% of employees are now working from home.  According to Security Magazine:

  • 25% of workers don’t know which security protocols are in place on their devices
  • 20% said their IT teams did not supply ANY security tips for remote work
  • 75% said they always/usually follow the company’s cyber security advice and protocols, leaving 25% who… don’t.

So how thorough is your organization’s cyber risk management plan? We encourage you to call us with any questions you have—even if you aren’t a C&S client—at 508.339.2951. Your data security is too valuable to ignore.

What is a cyber attack?

A cyber attack is a type of computer crime. It’s a deliberate attempt to do any of the following:

  • Gain unauthorized access to a computer network or online accounts
  • Steal information (passwords, identity data) from an individual or a company
  • Disrupt an operating system (by installing ransom ware, spyware, or computer viruses)

The end goal for cyber criminals is usually monetary gain. But when it comes to cyber attacks on businesses, the collateral damage often costs as much as any amounts stolen, by creating serious business interruptions and compelling owners to make things right again with customers who were affected. Experts estimate that recovery from a small business data breach can cost between $36,000 and $50,000.

How common are cyber attacks on small businesses?

Cybercrime is on the rise. Every year thousands of companies are the victims of cybercrime—including phishing scams, malware attacks, and ransom ware attacks. Surprisingly, more than 40% of cybercrimes target small businesses specifically. And according to a recent report, 45% of small business owners have already been the victims of cyber attacks… without even knowing it.

Is my business at risk for a cyber attack?

Your business may be a target for cyber criminals if you do any of the following:

  • Accept credit card/debit card payments.
  • Store customers’ personal information on your network or in the Cloud.
  • Perform work for larger organizations (hospitals, retailers, or financial services firms) whose networks can be hacked via your email communications.

In short, pretty much any type of small business can be a target.

What can I do to protect against a cyber attack?

Your first line of defense should be a dedicated IT person or outsourced IT team, who will own the responsibility of data security for your organization. This is a big job—not something to delegate to your summer intern or office manager. In addition to monitoring your network, a cyber security expert should provide you with policies and proactive steps that all company employees must follow. These might include guidelines on how to access company data on mobile devices (when employees are working in the field), or how store passwords.

Purchasing cyber insurance is another proactive step that should be researched and completed as soon as possible. Every business should have this coverage.

What is cyber insurance?

Cyber insurance can protect your business in a variety of ways. There are two main types of coverage: first-party coverage (for any attack-related expenses that your business incurs–see examples below) and third-party coverage (mainly for IT companies and contractors who are responsible for the safe storage of data). So, for example, if you run a technology company and one of your clients experiences a data breach or malware attack, you could file a third-party cyber insurance claim for failing to anticipate/prevent security problems.  Again, your coverage needs and limit amounts will depend on the type of operation you run. Different insurers use different terms to label the various types of protection, but essentially cyber insurance addresses five types of exposure:

  • Loss of data

Yes, your business owner’s policy covers your physical computer equipment, but not the information it contains. If you lose all your records (customer accounts, design files, contracts, templates, etc.) it could be very expensive to pick up the pieces.

  • Lost profits after a business interruption

How much money would your business lose if your computers were frozen for a day, due to a virus or ransom ware attack? What if they were down for a week or more?

  • Cost to investigate and inform customers

Most small businesses don’t have in-house access to sophisticated cyber forensics. Instead, you have to pay contractors to assess what went wrong. Meanwhile, you are required by the Data Breach Notification Law to report any incidents wherein consumer data was compromised. The right insurance will help you pay for response services and coordination, including—if necessary— subsequent credit monitoring and credit reparation for all those affected.

  • Cost of legal defense or legal advice

Legally speaking, how should you proceed after a cyber attack? It’s a lot easier if you can afford to hire expert counsel.

  • Cost of fines and penalties

If you fail to inform your customers and make reparations in a timely, legally-compliant way, you may be on the hook for hefty fines.

  • Costs associated with damage to your brand reputation (PR expenses)

Bad press can come in many forms. Even if your business’ cyber attack doesn’t make the six o’clock news, your customers will hear about it… and so will their friends, family, neighbors (i.e. potential referrals). It makes sense to hire a professional team, to help restore confidence in your brand.

Can cyber insurance help my business before an attack?

Yes! Depending on the policy you select (our agents can present different options); you may have access to risk audits and cyber security recommendations, to prevent attacks from happening in the first place. Some carriers also offer employee training support, which is key, since research shows approximately 80 percent of cyber incidents occur as a result of employee behavior.

How do I get a cyber insurance quote?

Our Mansfield insurance team can get you a cyber insurance quote in about five to ten minutes. The quoted price won’t be a guaranteed premium, but it will give you a ballpark idea of how much you might pay for the recommended coverage. Get your estimate today: 508.339.2951.

By: Lisa DoVale-Fonseca, CISR, CRIS, PWCAM

I’m passionate about providing the best possible experience I can for my clients. Lisa has worked in the insurance industry for over 30 years.

Ask the right questions before choosing a MA commercial insurance agent.
Get the Ebook