Small businesses are at ever-growing risk for cyberattacks. To put it into perspective, consider the average data breach. Data-analytics company Statista reports that the average cost of a business data breach in the United States was $9.44 million in 2022. Data from IBM indicate that in 2022, it took an average of 277 days for a business to identify and contain a breach. For many businesses, that kind of loss would be a death knell, unless they had cyber insurance.
Cyber insurance is growing and changing to adapt to the constantly evolving threats of working in cyberspace. Currently, two main categories of business coverage are available: data breach coverage and cyber liability insurance. Keep reading to learn the basics of each type of coverage. Your agent can help you determine what types and amounts of coverage will best protect your employees, customers, and company assets.
Data breach coverage usually encompasses the following types of expenses:
- Costs to notify employees and customers whose data have been compromised and the cost of offering credit-monitoring services
- Forensic investigation expenses
- Costs to recover or replace lost or stolen data.
- Cyber business interruption and additional expenses related to a breach, which could include replacement of income lost while recovering from a ransomware attack
- Adding extortion coverage is often another option, to cover the ransom amount you paid to gain access to your data if it was held hostage.
Additional data breach expense coverage can include the following:
- Costs for legal advice as well as public relations efforts to restore your company’s reputation
- Financial reward for informants providing information leading to the capture and conviction of a hacker
- Data breach investigation expenses resulting from a regulatory investigation
- Cyber theft for loss created by misdirected payment fraud (where thieves divert money or property via email, fax or telephone); computer fraud (financial loss from unauthorized money transfers from your bank to another person or entity); telecommunications fraud (charges incurred through unauthorized access to a company’s telecommunications system)
Cyber liability insurance is a separate policy, often for businesses that handle larger amounts of client and partner data, such as the private health data of patients in a medical practice or personal and financial data from customers of a financial services organization or IT service provider.
The policy usually includes the data breach risks above, but on a larger scale. It will most likely also cover expenses including regulatory fines; legal services required to meet regulatory compliance with government entities; and lawsuits by employees or customers related to privacy and data security.
Policyholders often have access to extra benefits attached to data breach coverage and cyber liability insurance. These could include coverage for features such as access to an emergency hotline to assist with data breach response; resources designed to help companies train employees; and costs of upgrades to improve system security for the future.
Other add-on coverage options can include identity recovery for business owners and/or employees.
Choose the right cyber insurance plan
The right cyber coverage can make a big difference as to how well your business may recover from a cyberattack. Contact your Bradish agent to discuss the kinds of risks your business faces and get the help you need to activate the most effective level of cyber insurance protection for your company.
by Kris A. Mainellis