Why Do SMBs Need Cyber Insurance?

By Edward Canavan, ARM, AIC& John Young Aka JohnE Upgrade

As a Small to Medium-Sized Business, Why Do I Need Cyber Insurance?

Cyber insurance is essential to help defray the costs of a cyberattack and possible data breach. Below is a list of challenges facing SMBs today.

• 43% of cyberattacks are aimed at SMBs
• On average, a successful cyberattack will cost a business at least $200,000
• Over 60% of SMBs have experienced a data breach in the previous year
• Within six months of being breached, more than 60% of SMBs go out of business
• Less than 15% of small and medium-sized businesses have the cybersecurity resources to adequately repel hacker cyberattacks, and prevent a data breach

What are the Most Common Cyberattacks Facing Businesses Today?

Phishing, Ransomware, Fake Invoices, and Distributed Denial of Service are the most common Cyberattacks. Below is a list of each with a brief explanation.

Phishing Attacks

Predominantly an email scam, the target is pressed to feel that if they don’t urgently address an issue, something very bad will happen. The phish, or target, will be asked to click on a link that’ll eventually result in the installation of malware on their PC, thus allowing the hacker to gain administrator access to their system. Once they’ve achieved admin control of the victim’s PC, an attacker can take any number of nefarious actions against a company.

Ransomware Attacks

A ransomware scenario is one where an employee falls victim to an attack that enables a hacker to use encryption malware which make company records inaccessible. The records are unable to be read without an encryption key, which the hacker will only provide to decrypt the records if the company agrees to pay their ransom demand. A good example of a successful ransomware attack is those against hospitals, where the medical records of patients are locked until the hospital forks over money to the hacker for an encryption key to unlock them.

Fake Invoice Scams

These types of scams generally succeed as the result of a spear phishing campaign targeting a specific company employee, namely the one tasked with paying vendor invoices. Posing as a vendor of the company who’s seeking to be paid, a scammer emails the employee an invoice that can appear quite credible. The employee pays the invoice without thinking twice about it, because they don’t look too closely, and assume the invoice is a legitimate one for services rendered or products ordered by someone else in the company.

Distributed Denial of Service Attacks (DDoS)

This form of attack occurs when hackers target a company with the goal to flood its network with requests to the point that customers are unable to access services they’re paying for. Motivations behind DDoS attacks could come in the form of protest due to anger at a company’s position on a certain topic, revenge for a perceived slight by a disgruntled ex-employee, or money for a criminal organization to go away, and let the company conduct its business without further disruption. 

What does Cyber Insurance Typically Cover? Is it Affordable?

Listed below are typically available cyber coverages. Please keep in mind insurance limits and coverages can vary depending on the premium, policy, and cybersecurity preparedness of the company seeking insurance.

• Funds Transfer Fraud
• Cyber Extortion
• Breach Response
• Crisis Management & Public Relations
• Business Interruption
• Digital Asset Restoration
• Network & Information Security Liability
• Regulatory Defense

Please Note: Most cyber policies can be purchased at a cost comparable to a general liability policy.  This is based on the Insured Company’s loss history and other risk factors.

What Expert Resources are Available?

Edward Canavan, ARM, AIC Cyber Insurance Producer, and John Young Aka JohnE Upgrade, a Corporate Cybersecurity Consultant with over 35 years of experience in the field. Canavan and Young are ready to perform security assessments, determine a vulnerability rating, analyze corporate policies and procedures, verify existing network configurations, provide employee cybersecurity awareness and scam avoidance training, and are able to assist companies in securing the best cyber insurance coverage they can possibly receive for the most reasonable premium available today!