No one wants to focus on worst-case scenarios or all the ways a situation can go wrong. It’s uncomfortable. Buying insurance makes us consider those things, so we tend to avoid it. We’re fine! Everything’s fine! It’ll probably continue to be fine!
But if things aren’t fine, we’ll want that insurance.
When it comes to cyber insurance, many small and medium-sized business owners put off investing in insurance because it feels like an unnecessary expense. If you’ve never experienced a cyber incident, it’s easy to believe that trend will continue. If your company is small, it’s easy to believe you won’t be targeted.
The reality is: Your business is not too small for a cyberattack.
And cyberattacks are hitting businesses at an alarming rate. Even businesses that have never been hit before.
“With a majority of the global workforce working away from the secure confines of a corporate network, 2021 was one of the most active years for cyberattacks. According to Check Point Research, cyberattacks increased 50% year-over-year...A company falls victim to a cyberattack every 39 seconds, and more than 60% of organizations globally have experienced at least one form of cyberattack.” via spanning.com
Small businesses are particularly vulnerable since they often lack proactive and responsive IT support, and their smaller budgets make it challenging to recover. Sixty percent of small companies close within six months of being hacked.
The point: Cyber insurance is vital. And it could mean the difference between recovering from a cyber incident and closing your doors.
Tips for Buying a Cyber Insurance Policy
- Get Cyber Insurance
The first step is to make the decision to get cyber insurance. This isn’t a superfluous 1-year warranty on a bluetooth speaker; it’s your business.
“Insurers don’t tell us to do those things just so we have another thing to add to our checklist,” said Julian R. Sylvestro, Hylant vice president, said. “They do it because they don’t want to have to deal with a loss and our clients don’t want to have to deal with a loss.”
Save yourself the future headache and risk, and make the investment.
- Conduct a Risk Assessment
Understanding the vulnerabilities in your IT infrastructure is an essential task that should be revisited regularly. An assessment will pinpoint where your risks lie and provide valuable information for a risk management plan and security improvements before applying to an insurer.
- Implement Security Plan and Improvements
From updated antivirus and firewall to security monitoring, backups, and developing a disaster recovery plan – use the risk assessment to guide changes and improvements. This also includes educating your team about multi-factor authentication, secure passwords, and how to spot and avoid a phishing attempt.
- Understand Your IT AND the Questions in the Application
Your team should be well-versed in every aspect of your IT and understand the questions in the insurance application and how to answer them. If you’ve conducted a risk assessment and implemented improvement and security strategy, your team should be ably informed. If that’s not the case, hire an expert to help. The answers you provide to the insurer need to be accurate, as they greatly influence your company’s approval and the cost of the policy, not to mention whether your claim gets paid should you need to file one.
Cyber Insurance Mini Case Study
We’ve encountered clients who came to us after facing issues with cyber insurance. One in particular highlights how important it is to complete the insurance application accurately.
An oil and gas company went to renew their cyber insurance policy (cheers to them! They had a policy!). This time, many additional questions came up that weren’t on the application previously. They decided they’d fill out the questionnaire themselves the best they could. The result? A quote that was 2,200% higher than the year before. That’s not a typo. 2,200%!
Turns out, they didn’t know how to answer many of those new questions, which greatly affected their cost. They knew they had updated antivirus and a firewall, but beyond that, they weren’t 100% apprised of their infrastructure or how to properly answer the questions they were being asked.
On top of that, cyber insurance rates for oil and gas industry companies have gone up in recent years, largely in response to the Colonial Pipeline hack in early 2021. Industry liability is up for everyone.
We stepped in to help by filling out the cyber insurance forms and with complete information, their quote came down drastically – from a 2,200% increase to a 200% increase (remember what I said about increased liability across the board!)
Cybersecurity is an increasing problem for nearly every industry and companies of all sizes. Ransomware has made cyber insurance harder to buy for every business. A significant uptick in both the frequency and the value of customer claims means cyber insurance is more challenging to get – premiums are high, and some customers are being denied.
We would advise you to invest the time to assess and secure your IT before you apply – doing so will dramatically reduce your risk of experiencing a cyber incident in the first place. Still, it’ll be a relief to have insurance if you do.
Not sure where your company’s IT security currently stands? Reach out to us for a security assessment. We’re happy to assess and develop a plan to make you more secure.
Modern businesses rely on automation every day. Here are three of our favorite tools for helping our clients automate tasks and be more productive.
IT is no longer for geeks only! It's important for business leaders to understand the elements of IT that can make or break a business. IT is not only about internet connectivity, computer networks, and servers… it does include those things, but there are important strategic considerations to make as a business as well.