Why Small Businesses Should carry Cyber Insurance Coverage


Cyber Insurance coverage is a relatively new type of insurance and is not well understood. Many small businesses and business owners think Cyber Insurance coverage is just for large companies like Equifax and Target. This, however, is not true. According to the National Small Business Association 42 percent of business experienced cyber attacks. There are most likely countless more attacks that were not reported or the victims were not aware. The excerpt below from the Insurance Journal and Christian Durdaller explain the importance of Cyber Insurance to Small Business.

Why Buy Cyber?

As an insurance professional, you should encourage all your clients to buy cyber coverage. There is no shortage of compelling reasons to do so.

First, small companies do fall prey to attacks. A whopping 42 percent of businesses reported being a victim of a cyber attack in 2015, according to the National Small Business Association (NSBA).

This is partially because they have fewer resources to put toward IT personnel and IT security systems than their larger counterparts, so they are relatively easy targets.

Small firms also generally fail to make cyber security a significant part of company culture. Only 15 percent offer employees cyber training, according to a 2016 Better Business Bureau report. Because a sizable number of claims result from human error, educating employees across the organization should be a key risk management goal.

Smaller businesses have less ability to weather the financial storm in the aftermath of a cyber event. The NSBA study found that for small companies that had their banking accounts hacked, the average loss was $32,021.

There are many other sources of potential financial damage, such as costs for lawsuits from damaged customers, forensics experts to clean and repair an infected network, notification costs, and PCI and/or government fines and penalties, just to name a few.

There is virtually no business that is immune to cyber risk. For example, even a manufacturer that handles little data still has sensitive information on its network regarding employees, such as Social Security numbers, addresses, dates of birth, etc.

Let’s assume there is a small business with no valuable or sensitive data just for argument’s sake. This is a bad assumption, but even if it was true, the firm still has the risk of an incident resulting from “island hopping.” Most small businesses are connected digitally to their vendor partners, which are often larger entities. The bad guys exploit this arrangement, penetrating the network of the smaller companies that are easier prey, and then jumping via vendor connections into the systems of the larger, more valuable companies. Island hopping caused the infamous Target breach in 2013, for example.

Selling cyber coverage to a small firm is easier than ever, but can still present challenges. However, with the extensive benchmarking data available today, forward-thinking agents can present a client with an accurate picture of what other small businesses in that client’s sector and revenue range are buying. Data risk modeling using real-life claims to demonstrate what costs a client would likely incur from a cyber incident can also help encourage clients to buy needed coverage.

Now is an opportune time to purchase cyber: the potential loss can be substantial for a small business, the coverage is overly broad, rates are remarkably low for state-of-the-art coverage and the market is expected to remain extremely soft for at least the next year. This presents a win-win opportunity for both insurance agents and their insureds. [Source]


Bluehill Insurance offers Cyber Insurance Coverage for business of all sizes.  Give us a call today or go to our cyber insurance page to get started.