Yes, there's one more thing you need to worry about as a small- or medium-sized business owner, and it's not the fact that you could be targeted by cybercriminals as cybercrime continues to rise.
It's insurance.
You already know about insurance policies that cover fire or water damage. Now, you need to think about buying insurance that covers you if you fall victim to a cyber attack.
It goes by a variety of names – cyber risk insurance or cyber liability insurance coverage, for instance. Whatever it's called, its purpose is to help a business deal with the costs associated with recovering from a cyber security attack. Believe it or not, those costs can become insurmountable very quickly. You might have to pay to hire a special team of technology experts, new computers, and new software. Your business might have been humming along quite nicely. But, the financial strain of dealing with an attack can put your business over the edge.
Like any insurance, you don't ever want to have to use the coverage! But, investing in the right policy is definitely worth your time and money.
According to a report by PWC, "cybercrime costs the global economy more than $400 billion a year...." Can you believe that only a third of American businesses have cyber insurance? Most of those companies are larger corporations although almost half of all phishing attacks are directed toward small- and medium-sized businesses. The criminal element out there in the online world is pretty sure that your security systems are inadequate or non-existent if you're a smaller operation. Take a look. Are they right?
What Does Cyber Insurance Cover?
Insurance policies should be customized according to your business needs.
So, sit down with your insurance professional, and don't sign anything until you've discussed all the scenarios. As a general guideline, make sure you at least consider the following:
Investigation. Once your business has been attacked, you're going to need a tech professional to go back in time to figure out what exactly happened. That team or individual will need to determine exactly what kind of attack your business sustained; what's been lost; why the breach happened; how the breach happened; and ultimately, how to repair any damage that your business sustained.
Losses. A cyber attack can be as damaging (if not more damaging!) than a physical attack on your property. Ask each insurance company you interview whether the policy will cover these areas:
- Errors due to negligence: if an employee sends a confidential document to the wrong person.
- Financial losses due to downtime: You can't do business if your computers are down.
- Data loss recovery: You'll need a team to recover or redo all those files full of client information.
- Repair a damaged reputation: Whether the breach was your fault or not, your clients may no longer trust you.
Privacy and communication. Cyber breaches happen. How you deal with them can make the difference between rising up or falling behind. You'll need an insurance policy that allows you the financial ability to implement a privacy and communications plan. In other words, in this worst-case scenario, you will need to pay for the time and resources it takes to send out notifications to clients, conduct increased credit monitoring, follow the data trail so that you know whether your clients' private data has been compromised or how it might be used.
Lawsuits and extortion. Yes, we have to consider the fact that dealing with a cyber-attack may not be your only worry. Your clients may want to sue you, and the cybercriminals may want to extort money from you in exchange for the stolen data. You may also need to hire a team of lawyers, pay a settlement to those affected, or pay regulatory fines.
You see where this is all going. Cyber-attacks affect every level of your business.
Cyber Insurance: Where to Begin?
As we've suggested above, sit down with your insurance provider and have a long talk. It's true that cybercrime is evolving very quickly, and insurance companies have not completely come on board. Regardless, you should be able to purchase a product that serves your needs. If your current insurance provider can't help you, find one that can.
Look for an insurance provider that will allow you to customize the coverage to your own specific needs. Compare deductibles. Most importantly, ask the insurance provider to let you in on all possible limitations to the policy. The absolute last thing you want is to ask your insurance agent for help in the middle of a crisis and be told that your policy does not cover whatever has happened to you.
Find out if the policy will cover all kinds of attacks whether they are targeted, accidental (like ransomware attacks), or non-malicious (like that confidential file an employee sent to the wrong person).
Wait... I Use Cloud Hosting - Do I Still Need Cyber Insurance?
Should I still get covered by cyber insurance? The short answer is yes. After all - it's always better to be over-prepared than under-prepared, right?
Although the best cloud hosting providers take extraordinary measures - such as implementing network segmentation and other deeper security strategies - to help keep your data safe, unfortunately, even the best security systems can be penetrated as cybercriminals evolve their tactics. With this in mind, it's important to work with your managed application hosting company to do what you can to help keep your data safe, and getting cyber insurance from an authorized provider is an easy way to reinforce your peace of mind.
Interested in learning more about secure data protection in the cloud? Contact one of our expert hosted QuickBooks and Sage hosting specialists: 888-244-6559.
If you're looking to sign up for cyber insurance, we recommend reaching out to an authorized cyber insurance company - you can find a list of insurance companies that offer cyber insurance in the US and/or Canada here.