According to Verizon’s 2022 Data Breach Investigation Report, small businesses are just as vulnerable—if not more vulnerable—to cyberattacks as large organizations. Small businesses typically have fewer IT resources to help prevent and mitigate cyber threats, which can make them an easy target.
Preventing cyberattacks starts with implementing and adhering to best-in-class cybersecurity practices. And if that’s not enough to prevent a cyber-attack, cyber insurance coverage is another way to protect your business from the consequences of a cyberattack.
Not sure what cyber insurance covers? No problem! Below is a breakdown of cyber coverages small businesses should consider.
Data Compromise Response Expenses: If a business discovers personal data in their care was breached (e.g., stolen or inadvertently published), this coverage can pay the costs of professional legal consultation, forensic IT review to determine the cause of the breach, notifying affected individuals their data was breached, and providing identity recovery services to those individuals.
Computer Attack Expenses: If a business experiences a computer attack that corrupts a computer system or its data, this coverage can pay the costs to restore and/or recreate the corrupted data and restore computer systems. It also covers loss of business income associated with the attack and public relation services to help communicate with outside parties about the attack.
Cyber Extortion (Ransomware): If a business receives a cyber extortion threat (e.g., the business’s systems are compromised, and the hacker is demanding compensation to restore the systems), this coverage can pay the costs of a negotiator for the cyber extortion threat and the amount the business pays the hacker to eliminate the cyber threat.
Misdirected Payment Fraud: If a business is the victim of a wrongful transfer event—an intentional and criminal act to deceive the insured to pay a fraudster instead of the original receiver (e.g., vendor)—this coverage can pay the amount fraudulently obtained from the business.
Computer Fraud: If a business is the victim of a computer fraud event—unauthorized access to a computer system that results in intentional, unauthorized, and fraudulent changes to the system that lead to money being sent or diverted—this coverage can pay the amount fraudulently obtained from the business.
Identity Recovery: If a business owner’s identity is stolen, this coverage provides identity recovery services and expense reimbursement.
Data Compromise Liability: If a business discovers personal data in their care was breached (e.g., stolen or mistakenly leaked) and the affected person sues the business for the breach, this coverage can pay defense and settlement costs of the suit.
Network Security Liability: If a business is named in a network security liability suit—a suit that claims the business’s data breach or computer attack caused damage to a third party—this coverage can pay defense, settlement, and judgment costs.
Electronic Media Liability: If a business is named in an electronic media lawsuit—a suit that claims infringement (e.g., copyright, title, slogan, trademark, etc.), defamation, or a violation of a person’s right to privacy—this coverage can pay the defense, settlement, and judgment costs.
Not all cyber insurance is created equal, so it’s important to know what coverages you need!