Cyber Insurance

The SMB owner’s introduction to cyber insurance

It’s predicted that the annual cost of cybersecurity crimes will reach $6 trillion by 2021. You read that right—“trillion” with a “t.”

If you’ve somehow missed the slew of cyber crime headlines in the last few years, that number may come as a stark wake-up call. But even if you were already aware of the serious probably cybersecurity poses for businesses of all sizes, you may not have known it’s that big a problem.

Here’s the good news. There’s a lot you can do to protect your company. In this article, we’re going to explore one more way to keep your data and your bottom line safe: cyber insurance.

Back in 2011 . . .

That was the year Sony Playstation was hacked. Personal information for their customer base was exposed. And, as it turns out, the ensuing legal battle had implications for every business owner.

Sony claimed their insurance provider, Zurich America Insurance, was liable to cover the cost of the breach. Zurich pushed back. It went to court. The end result?

In the succinct words of Business Insurance, “Zurich America Insurance Co. is not obligated to cover Sony Corp. of America for litigation related to the 2011 hacking of its PlayStation Network . . .”

And just like that, legal precedent was set. Standard business insurance does not cover cyber security risks. If you want protection from potential data breaches, you need cyber insurance.

What most SMB owners don’t know

We spoke with Jeff Eiserman, a Risk Advisor at Ollis/Akers/Arney. Eiserman also participates in training sessions for SMB owners regarding their risks and insurance coverage.

When asked, “Do you find that most business owners mistakenly think their general business insurance will cover them for data breaches,” he simply answered, “Yes.”

That’s both alarming and sobering. Alarming because it means most SMB owners are dead wrong. And sobering because it means most SMB owners are operating without cyber insurance—which they most likely need.

How to get the right coverage

So if your business needs cyber insurance, how do you go about getting it?

Eiserman cautions that it’s a complex process that warrants your full attention. “Just because you have a cyber insurance policy does not mean you’ll have coverage for every kind of breach.” Like other forms of insurance, coverage varies wildly by policy. There’s no simple solution.

Eiserman advises small business owners to stick to two tips when shopping for cyber insurance.

1. Know who you’re working with.

Cyber insurance can be purchased directly from an agent representing the cyber insurance provider or through a broker. Either is fine. The important thing is making sure that person really knows their stuff.

How do you do that? “You have to ask questions,” Eiserman says.

For example, if your agent or broker just wants to talk quotes instead of engaging you in a fairly thorough consultation process, that’s a huge red flag. You can’t be sure you’re getting the right cyber insurance coverage without consultation. There’s just no way.

2. Be directly involved.

Eiserman always tells SMB owners to “be an engaged buyer.”

What does that mean? It means you, as the owner of the business, need to be directly involved in this process.

There are plenty of other times when it makes sense to delegate. This is not one of them. As Eiserman points out, no one else in your organization will have the same level of commitment to the business.

That commitment will prompt you to ask questions others might unintentionally gloss over.

Yes, you probably need cyber insurance

As our conversation wound down, Eiserman reflected on the overall idea of cyber insurance by observing, “If you’re not properly insuring against risk, you’re self-insuring.”

In other words, without the right cyber insurance policy, you’re on the hook if there’s a data breach.

According to Eiserman, most SMB’s will spend as little as $1-2K annually on a solid cyber insurance policy. Given the potential monetary impact of just one breach, that’s peanuts. This is coverage you want and, frankly, need.

If you’re convinced but unsure of what to do first, we recommend contacting your managed IT services provider. They’ll likely be able to point you in the right direction, as they’re already well versed in your network and security needs.