We’ve been getting this question a lot over the last few weeks, so we thought it would be a good idea to post a blog about it. As businesses renew their business insurance coverage, they’ve been getting asked more and more questions about their cybersecurity. Let’s talk about why this is, and how your organization can navigate this without losing coverage or having your insurance premiums increase.
Why Does My Insurance Company Care About My Cybersecurity?
Each year, cyberthreats have been getting increasingly more common and more disruptive to smaller businesses. While most of us are used to hearing about cyberattacks that affect massive organizations, cybercriminals tend to target small businesses even more frequently. These attacks simply don’t get the news coverage, but they still have a massive impact on those who are affected by them.
For example, the average cost of a ransomware attack in 2023 was a staggering $4.35 million. That’s just the cost of the inconvenience—the downtime, the labor to get back to normal, the hit to your reputation, and so forth. The average ransomware payment to simply pay criminals to go away and relinquish your data was $812,360.
I don’t know about you, but I can find a lot of better ways to spend $812,360 in a single shot.
That seems to be the consensus with insurance providers too.
In fact, most insurance companies don’t include coverage for losses resulting from cyberattacks. In most cases, this is a separate type of coverage called cyber liability insurance. As a business owner, it’s definitely worth looking into if you don’t have it already, as these policies cover a lot of high-risk scenarios that aren’t covered under your general liability insurance.
Just look at the numbers above for the average ransomware attack in 2023. Taking measures to prevent these types of issues is extremely important for small businesses, and having cyber insurance coverage should you need it will make all the difference when your business suffers from a threat.
So to answer the question, the reason your insurance company cares so much about your cybersecurity, regardless of the policies and coverage you are actually purchasing from them, is due to the fact that cybersecurity is a big liability.
Cybersecurity issues are expensive, and suffering from a threat you weren’t at all prepared for can put your business in serious jeopardy.
Cybersecurity is a BIG Problem for Small Businesses
There is a big misconception hanging over cybersecurity. Many professionals look at cybersecurity as a problem for “the other guys.” They think their organization is too small, too rural, or too inconsequential to be a target.
The reality is that small businesses are targeted much more frequently than the high-profile attacks we see in the news. In fact, 46 percent of cyber attacks target small businesses, and that’s accounting for cyber attacks against individuals, large enterprises, the government, and beyond.
A staggering 88 percent of cybersecurity breaches are caused by simple human error. Thanks to cybercriminals capitalizing on this, cybersecurity can’t simply be dealt with by throwing money at the situation. Yes, there are technologies and best practices you should have in place, but a big portion of cybersecurity protection is based on policies, training, and awareness.
That’s why cyber liability insurance is important… but you aren’t going to get coverage unless your business is taking some basic steps to prevent data breaches and other risky threats.
What Sort of Cybersecurity Precautions Does My Insurance Company Want Me to Have?
This is going to vary depending on your insurance provider and your coverage options, but generally, your insurance provider will send you a list of questions about the following cybersecurity precautions:
- Strong password policies
- Multi-factor authentication
- Email filtering and spam protection
- The overall security of your website
- Web security and firewalls
- Secured, encrypted data backups
- Endpoint detection and response (EDR)
- Vulnerability management
- Security awareness training and testing
To add additional confusion to all of this, your insurance rep probably isn’t particularly well-versed in IT and cybersecurity. Depending on how well your insurance provider presents this information to you, you might initially have a different take on what they are actually expecting of you.
We’ve even seen situations where the business owner was pretty convinced that the cybersecurity measures only involved their website, and not the greater whole of their business.
We can’t overstate the confusion that this is causing for business owners, especially when their insurance coverage is on the line. We’re happy to help any business make sense of this—you can simply give us a call at (270) 282-4926 to book a meeting.
What Does My Business Need to Do to Remain in Coverage, Keep My Premiums Low, and Ensure I Get a Payout If/When I Need It?
It makes sense not to want to rock the boat when it comes to your liability insurance.
Yes, you want to keep your insurance premiums low. You want to keep your existing coverage. Most importantly, you want to ensure that your insurance actually covers your losses when you need it most.
All that is important, but here’s what I tell business owners when they ask CoreTech LLC about these new insurance requirements:
Let’s do what’s best for your business.
If you’ve made it this far, you probably understand that cybersecurity is definitely worth taking seriously.
It only takes one major ransomware attack to cause serious amounts of downtime and data loss. One bad threat could turn your business upside down and cost you thousands of dollars in damages, weeks and weeks of struggling to get your head above water, and months of struggling before you feel like you catch back up.
That doesn’t account for damages to your reputation, potential lawsuits, and other problems that have a snowball effect stemming from a single ransomware attack.
Our recommendation is to take this list from your insurance agent, and commit to it.
Yes, some items on the list are going to involve an investment in hardware and software, especially if you don’t have firewalls or a data backup system in place. There will be some investment, but most of it is about establishing policies and providing training to your staff.
At the end of the day, however, these expenses are commitments to the longevity of your business, and they are a better investment than keeping your organization open for risk and losing your insurance coverage.
Let’s Get Your Cybersecurity Under Control
Now is the time to protect your business from the constantly growing number of threats from cybercriminals. We bake cybersecurity into everything we do, and we’ve been providing protection to businesses throughout Kentucky and Tennessee to help them thrive in an increasingly dangerous landscape.
Don’t let your business become just another statistic. Give us a call at (270) 282-4926 today to talk about your cybersecurity.
