The figures don't lie. Small businesses have become big victims of cybercrimes. According to Symantec research, more than 40 percent all cyberattacks are directed at companies with less than 500 employees and the cost of cyberattacks on small businesses totaled $188,242 last year.
Data also showed that almost 60 percent of small businesses closed within six months of a cyberattack.
Luckily for small businesses, they are not alone in the fight against cyberattacks. Cyberinsurance has grown in recent years in an attempt to help businesses survive the risks and problems that come with data breaches and cybercrimes. Below are all the things you need to know about cyberinsurance to keep your business protected.
"We started to realize when it comes to data breaches, that small businesses were as exposed and even at times even more exposed than large businesses," Matt Cullina, CEO of IDT 911, an expert data breach firm, told BusinessNewsDaily. "Small businesses are focused on the bottom line and keeping customers happy and may be not as focused on data protection. That is where we saw a need to start focusing with insurance companies to build policies for small businesses."
What is at stake
"First and foremost this is a reputational risk," said Cullina, who has built cyberinsurance policies for a range of small and large businesses. "The reputation of a business is at stake. Should I trust you with my most sensitive information as a customer if you are not going to protect it well? It really goes to the core of small businesses, which survive on reputation. Data breaches are the biggest emerging risk of the 21st century for these businesses, and there is not coverage for this under standard business policies today."
What it covers
Coverage under cyberinsurance aims to help small businesses prevent and deal with attacks if they should happen. As larger companies step up efforts to fight cyberattacks, small businesses have fallen behind and become the targets, according to Cullina.
"It started out being focused on data breaches and first party coverage, to provide the insured with expense reimbursement to pay for the expenses of a data breach while also providing them with experts to help them through the issue," said Cullina. "It was remediation coverage for when a data breach occurs. Now more and more carriers are adding liability coverage in the case that the business were to be sued or if there was a threat of a lawsuit as a result of that data breach."
Beyond that, cyberinsurance policies can help small businesses find an attorney specializing in cyberattacks, deal with regulators and cover the cost to fix the problem. Policies can also help small businesses deal with the response of customers and cover the cost of mailings alerting customers of the breach.
How it helps
The real importance of cyberinsurance comes when looking at helping businesses get through the unknown of a cyberattack, according to Cullina.
"We see it every day when we help businesses; this is not something they are familiar managing," said Cullina. "This is not their business, and it takes them offline for their core operation. Distraction is a major issue if a company thinks they can take on a data breach on their own. Timing is a real issue once a business discovers data has been exposed."
With different laws in different states, timing can be the difference between a quick recovery and a potential lawsuit. According to Cullina, the quicker you respond, the better it is for your business.
What it costs
"The carriers have a whole spectrum of things they have done so far," said Cullina. "It is really a new offering in the small business world, having started around 2007 and 2008. Carriers are offering limits of $25,000 or $50,000 in an introductory type limit and then selling higher limits if the business wants to buy more. Some carriers are spreading this coverage across all their policies so all policyholders have access. Others are selling it as an optional coverage in addition to the normal commercial package."