Cyber Insurance Coverage Checklist for Small Businesses
Dec 7, 2021
Cyber insurance protects your business against losses arising from cyber attacks.
As a small business owner, you want access to experts who can help you recover from a cyber attack. That way, you can stay focused on running your business. Cyber insurance helps you recover from the financial costs associated with a cyber incident—everything from fines and penalties to monetary loss.
In this post, you’ll learn why small businesses need cyber insurance and what questions to ask before buying coverage. Review our cyber insurance coverage checklist.
Why Small Businesses Need Cyber Insurance
Any business that leverages technology and collects and stores data is at risk of a cyber attack. Without a dedicated cyber policy, most small businesses don’t have an adequate safety net to recover after a data breach.
Cyber insurance coverage protects businesses against the financial losses caused by unforeseen cyber incidents, including system hacking, data breaches and theft, denial of service, loss of data, and ransomware extortion payments. According to Hiscox’s Cyber Readiness Report of 2021, one in six of all firms attacked this year (17%) said the impact was serious enough to ‘materially threaten the solvency or viability of the company’.
Cyber insurance coverage helps businesses protect themselves against the losses or damage caused by data breaches and cyber attacks. In some states, small businesses also need cyber insurance to help them comply with regulations that require them to notify their customers of data breaches involving personally identifiable information. Cyber insurance can also help small businesses cover:
Reimbursement of all legal expenses, if sued
Defense expenses, like responding to and cooperating with regulatory investigators
Costs to recover compromised data and repair damaged computer systems
Customer notifications when there’s a data breach
Access to cyber security experts, risk management services, and other resources to help mitigate data breaches
Types of Cyber Insurance Policies
Cyber insurance policies typically come as first-party and third-party coverages. Let’s take a look at how these two types of coverage compare.
First-party coverage reimburses you for the financial loss associated with data breaches and cyber threats against your business. This type of policy simply protects your employee and customer data. It will reimburse you for costs related to:
Recovering, restoring, and replacing lost or stolen data
Lost income following the interruption of business operations
Ransomware extortion and fraud
Forensic services to investigate the cyber attack
Fees, fines, and penalties accrued after the cyber incident
Notifying customers about the breach
A third-party cyber insurance policy, also known as liability coverage, pays for claims against your business by your clients as well as obligations you may have under regulations, laws, or contracts. This coverage protects you when third parties accuse you or hold you responsible for damages if their information is compromised. Third-party coverage helps offset:
Payments to consumers whose data was compromised
Claims and settlement expenses following lawsuits or disputes
Losses related to defamation and infringement of either copyright or trademark
Costs associated with regulatory inquiries
Cyber insurance may create a loophole for businesses that provide technology services. In this case, you can bundle third-party coverage with an errors and omissions policy (E&O). The E&O policy will kick in if a business’s product, service, or employee causes the cyber attack.
Key Elements of Cyber Insurance Coverage
Cyber insurance coverage will cover these key elements:
Business interruption protection: Cyber insurance offers business interruption protection to cover any income lost when your business has to halt its operations. The policy will pay for interruptions arising from events like computer hacking, tech failures, viruses, and programming errors.
Breach costs compensation: Cyber insurance pays the costs associated with handling and responding to a data breach, such as costs to notify customers, forensic costs to assess the breach, credit protection services, and crisis management costs.
Data recovery protection: Cyber insurance provides data recovery protection to pay for costs associated with restoring, replacing, or repairing destroyed data.
Privacy protection: Cyber insurance offsets expenses incurred when defending and resolving claims related to exposure of confidential corporate information and personally identifiable information. Coverage may also extend to negligence, violation of consumer protection laws or privacy, and breach of contract.
Cyber extortion protection: Cyber insurance will also cover financial payments and response costs associated with ransom demands based on cyber attacks. Cybercriminals may steal sensitive information and use it to extort a business through threats.
Cybercrime protection: With a cyber insurance policy, your business receives protection against the financial losses associated with funds transfer fraud, social engineering, and reverse social engineering.
A cyber insurance policy won’t reimburse you for every claim you make. Common cyber insurance exclusions include:
Property and physical damage: Cyber insurance only pays for financial losses, so property and physical damage caused by a cyber attack or data breach isn’t normally covered.
Intellectual property: Cyber insurance doesn’t cover intellectual property losses since they are not directly caused by a data breach.
Self-inflicted cyber incidents: Cyber insurance policies won’t cover cyber incidents that your business is liable for, such as an employee infecting the system with a virus.
Protection measures: Protection measures like employee training or setting up a virtual private network are not covered by a cyber insurance policy.
Assess Your Cyber Risks
The evolution of cyber security threats poses a constant level of risk to a small business’s data and assets. Cyber insurance can provide the requisite protection, but you need an assessment of the potential risk areas and exposures. Here are some common cyber security exposures you need to consider:
Phishing attacks: Phishing attacks are carefully targeted digital messages sent to trick people into clicking a spoofed link that can then expose sensitive data or install malware. Such attacks enable cybercriminals to steal credit card credentials and user logins and to access private databases.
Ransomware attacks: Businesses lose millions of dollars annually as hackers kidnap organizations’ databases and hold the information for ransom. Cryptocurrencies have been credited with fueling ransomware attacks since they help cybercriminals receive ransom payments anonymously.
Malware: Malware attacks are the most common cyber risk. Malware is malicious software that installs into the system when users click links. Once it infiltrates the system, it can block access to crucial network components and gather confidential information.
Denial of Service (DoS) attack: DoS attacks flood networks, systems, or servers with traffic, making the system unable to fulfill legitimate requests.
Social engineering: Social engineering occurs when an attacker uses human interaction to obtain or compromise information in an organization’s systems. The attacker may claim to be a professional. But by asking questions, the attacker can gather information to infiltrate your business’s network.
Questions to Ask Cyber Insurance Providers
If your business is considering investing in cyber insurance coverage, here are some questions to ask your insurance agent.
What cyber incidents are covered?
Most policies will provide first-party and third-party coverage, but you should also ask about the possibility of including policy add-ons. Don’t forget to ask about incidents that are excluded from coverage.
How long after a breach should you report?
You may not uncover a cyber attack immediately after it happens. Therefore, you’ll want to know your insurance provider’s reporting timeframe. You should report a breach or incident to your insurance provider as soon as you have any suspicion that something may have occurred.
Does the provider specialize in your business niche?
Some business industries have specific compliance rules, like HIPAA compliance for healthcare. Ask whether your potential insurer understands the data handling rules, compliance, and insurance requirements for your area of business.
What is the cost?
Ask about what you will pay in premiums for a cyber insurance policy for your business. If your policy has a deductible, inquire about the impact it has on raising or lowering your premium. You’ll also want to explore potential savings through insurance discounts or bundling policies.
Consider Cyber Insurance Coverage for Your Small Business
The cost that follows a cyber attack can be devastating. That’s why you need cyber insurance coverage to mitigate the financial losses. Perform due diligence when buying a policy, including asking your potential insurer about the cost of coverage, what incidents are covered, and how to make a claim.