Why Do So Few Small Businesses Use Cyber Insurance
By recent estimates, less than one fourth of all small businesses carry cyber liability insurance. Despite this, businesses carrying some form of cyber insurance remains far below the level required to protect the economic viability of the small business sector.
Small businesses often cite one or two of five common factors for not obtaining a cyber insurance policy:
- Small businesses are not appealing targets for hackers.
- The small business’ electronic records are safely stored in the cloud.
- Hacking is no worse than any other technical or computer problem.
- Cyber insurance will not cover a small business’ economic losses from a successful hack.
- The small business can handle the hack internally.
The sad reality is that each of these factors is a myth, and each is dispelled by objective evidence of hacking attacks that have crippled small businesses across the country. For openers, as of 2015, 43 percent of all cyberattacks targeted small businesses. Even if a small business does not retain significant amounts of electronic customer data, it might provide an easy path for a hacker to break into the network of a larger vendor or customer.
A small business might also rely on the security of cloud storage, but that will not prevent a hacker from tricking an employee into giving him login information to access the business’ data. Sophisticated hacking attacks can also break through even robust cloud storage security. Moreover, hacking is not just an issue that an IT manager can easily handle as readily as any other computer or technical problem. Sophisticated hack attacks can quickly overwhelm a small business IT department that is likely already overworked.
Contrary to misplaced expectations, a cyber insurance policy will cover many of the direct and third-party economic losses that a small business might suffer as the result of a cyberattack. An experienced cyber insurance underwriter can explain the extent and limits of available coverage. Many small businesses have attempted to handle and recover from hacks internally, and without assistance from insurance carriers, but many of those businesses have either failed or never fully recovered from the hack.
Small businesses that do carry cyber liability insurance not only protect themselves from the increasing likelihood of a cyberattack, but they also place themselves in a better competitive position with that insurance. A company that carries this insurance will have a greater appeal to its customers, who see the insurance as proof that the company is taking greater care with customer information and that it is establishing resources that can be used to pay for damages and losses associated with compromised customer information. Vendors and customers also prefer to do business with a company that is more likely to stay in business after a cyberattack. A small business that suffers a catastrophic loss from a cyberattack is less likely to have that appeal of continuity to its customers and vendors.
A small business’s final objection might center around the perceived cost of cyber liability insurance. The market for this insurance has improved in the ten years since its inception and underwriters are now better able to assess a small business’ exposure to cyberattacks and to write affordable policies which reflect that exposure. In view of the potential losses that a small business might face from a cyberattack, the insurance to cover those losses is now as affordable as the standard comprehensive general liability policies that most businesses carry.
Smarter small businesses are beginning to understand that cyber liability insurance is the intelligent alternative to remaining exposed to losses from hacking attacks. Insurance carriers will work with those businesses to reduce their overall risk and to quote reasonable policies that cover losses from risks that cannot be mitigated.