Does Your Business Need Cyber Insurance?
Just how important is cyber insurance for protecting your small business against loss and liability? With 66% of Canadian organizations expecting their cyber budgets to increase in 2022, it’s worth finding out.
Cyber insurance is designed to cover everything from defamation to business interruption. The risks you’re most likely to encounter, however, are data breaches (the theft or unintentional release of personal information) and cyberattacks (the attempt to damage your data or computer systems).
According to SGI Canada, 54% of companies have experienced at least one cyberattack that’s compromised their computer systems and data. So here are a few key questions you should consider when weighing your need for cyber insurance.
Is cyber insurance worthwhile?
While it’s true cyber insurance adds to your annual costs, many businesses look at the protection it offers as an investment rather than an expense. The policy you need, in fact, might be more affordable than you think.
For example, according to CMB Insurance Brokers, cyber insurance starts at just $550 per year.
By comparison:
- The average cyber liability claim is $295,000
- Ransomware payments can cost upwards of $20,000
- The average business downtime following a cybersecurity incident is 3-5 days
Some companies may even need to hire an outside consultant to help get their business back up and running following a data breach or cyberattack. So, policy costs aside, it’s worth speaking with your insurance provider about the support they offer during and after an event.
What coverage are you likely to need?
Some business owners mistakenly believe their cyber risk is minimal unless they run a tech-centric company. In reality however, most businesses capture large amounts of client, employee, and third-party data, making cyber risk a mainstream liability.
General liability insurance isn’t likely to adequately protect your business from losses related to data breaches. Cyber insurance policies, on the other hand, are specifically designed to cover the costs related to:
- Legal support (like court fees, cyber extortion defense, and settlements from legal action)
- Business interruption (like income loss, computer equipment replacement, and increased operating expenses)
- Incident support (like ransomware negotiations, crisis management, and forensic investigation)
By adding cyber insurance to your business policy, you gain both first-party coverage (for damages to your business) and third-party coverage (for damages to your customers or partners) should you experience a cyberattack.
How vulnerable is your business to a cyberattack?
Most small businesses are vulnerable (about 40% will suffer a cyberattack, according to Westland Insurance, and 60% of those won’t recover), but some are at greater risk than others.
For example, while your business size, type, and data-use all play a role in determining the coverage you need, companies holding financial or healthcare data can expect to spend upwards of $1,000 annually for cyber insurance.
As you weigh your coverage options, you should also take time to identify your company’s weak spots and shore up your cyber defences by:
- Reviewing existing security. You may be keeping software updated, for example, but have you taken stock of what data you hold and where it’s located? Only then can you determine the best way to protect it.
- Educating employees. Your staff should be trained and consistently reminded about how to avoid threats like phishing scams and social engineering attacks.
- Consulting with an expert. Cybersecurity tools, support, and training are widely available to small business owners—associations like CFIB (Canadian Federation of Independent Business) are a good place to start.
Whether you opt for cyber insurance or not, your insurance provider is a great resource to help you better understand your areas of exposure and discover more ways you can protect your business from cybercrime.