Small Business Cyber Insurance

With broader recognition of the risk, a growing number of small businesses are exploring the need to protect themselves with cyber liability insurance customized to their needs.

Cyber liability insurance is designed to provide funds to help your company operate in the short-term aftermath of a cyber breach or significant data loss. In addition, some policies include training and loss-control measures to help reduce the risk of a breach, or to mitigate the effects if a loss occurs.

Understand the Risk

Cyber coverage is important for companies of all sizes, in spite of the perception among some small business owners that their comparative low profile makes them immune to cyber losses. In fact, most small businesses probably have higher cyber risk than their larger counterparts because they’re less likely to invest in expensive protection measures or to have dedicated IT staffers shoring up their online defenses.

In addition, smaller companies often have online connections to their larger business partners, which can make them a comparatively easier way for hackers to breach large organizations by first attacking their smaller partners.

Another common misperception is that a company’s general liability policy (typically purchased through a business owner’s policy or BOP) will offer sufficient protection, even though cyber-related risks are excluded from BOPs.

Cyber insurance is offered as an endorsement to a general liability policy, or as a standalone policy designed for companies with more complex needs.

What’s Covered

Depending on the policy you select, cyber liability insurance can cover a variety of direct and indirect costs associated with a cyber loss. These may include:

  • So-called ransom to recover stolen or encrypted data.
  • Negotiation and recovery services after a ransomware attack.
  • The costs of notifying customers of a breach or providing post-breach identity monitoring services.
  • Lost sales resulting from a cyber-related business interruption.
  • Legal fees.
  • Investigation and data recovery costs.
  • Third-party losses resulting from a breach at a service provider.

Specific coverages and premium prices vary by a company’s industry and the types of data it handles. For instance, a software developer or ecommerce provider are likely to pay more for the coverage than a bakery or real estate firm.

Cyber policies may also include risk management services such as awareness training (delivered online or in-person as a company workshop), network security reviews and data protection services. These measures, like property inspections and similar loss control services, can play a role in reducing the cyber risks that too many small businesses overlook.