[BreachExchange] 4 Reasons Why Cyber Insurance Is Good for Small Business

Audrey McNeil audrey at riskbasedsecurity.com
Tue May 2 18:44:12 EDT 2017


The headlines might carry news of cyberattacks against large companies,
such as Target and Home Depot, but the greater reality is that small
businesses are as likely, if not more likely to experience a cyberattack.
By one estimate, the number of cyberattacks experienced by small- to
mid-size businesses (SMBs) increased by more than 40 percent from 2015 to

This rate of increase shows no signs of slowing down, which suggests that
small businesses need to take steps to protect themselves against breaches
of their computer networks by cybercriminals.

For at least four reasons, cyber insurance is an important part of that

SMBs Budget

First, SMBs are less likely to utilize the sophisticated cyberdefenses that
large companies are able to install in their own networks. Larger companies
can devote more resources to employ large information technology teams and
to install sophisticated detection technology in their information systems

Greater resources also give large businesses a better chance to keep
cyberdefenses up to date and to detect a cyberattack early enough to stop
before it does excessive damage. Unless a small business is willing or able
to devote similar resources to its own network, cyber insurance is a sound

Customer Personal Data

Second, SMBs hold copious amounts of personal data from their customers.
Many SMBs will discount both the amount and the depth of customer data that
they maintain.

Cyberattackers know otherwise, and readily target small businesses to steal
customer names, email addresses, purchase histories, and credit card
information. Many SMBs maintain general liability and indemnity insurance
to protect physical assets and to cover liabilities associated with
negligence and errors.

Cyber insurance can extend that coverage to losses of valuable customer

Lawsuits from Cyberattacks

Third, lawsuits associated with losses from cyberattacks are expensive.
Litigation and settlement costs associated with a handful of cyberattack
lawsuits in 2014 are illustrative.

For example, the Florida behavioral health services provider, AvMed,
established a $3.1 million settlement fund after more than a million of its
clients’ social security numbers and health records were compromised in a

Or another example, the Missouri food retailer, Schnucks Markets, settled a
cyberattack class action lawsuit for $2.1 million. The online ticket
seller, Vendini, set up a $3 million settlement fund to reimburse customers
whose data was placed at risk as a consequence of a cyberattack. Few SMBs
can handle these kinds of costs without insurance coverage.

Cyberattack Threat

Last, a successful cyberattack can mean the death of an SMB. More than half
of all SMBs that experience a cyberattack are out of business within six
months after the attack.

A small business’s founders can work for years to build up the business,
only to see all of the value that has been created evaporate as a result of
one unauthorized network incursion.

A ransomware attack, for example, can freeze a company’s systems and delete
critical data. If an SMB is unable to recreate that data, it will quickly
shut its doors for good.

Over the past twenty years, cyber insurance companies have developed the
expertise and know-how to evaluate risks faced by SMBs and to underwrite
cyber defense insurance to cover those risks.

They also consult with their clients to evaluate their risk profiles and to
establish better defenses and protocols to handle a cyberattack when it
happens. If that cyberattack leads to direct financial losses and third
party liabilities, the cyberinsurance can cover a large portion of those
losses and liabilities, allowing the business to remain afloat while it
rebuilds its internal structures and re-establishes sound relationships
with its clients and customers.

No SMB can underestimate the cyber risks that it faces, and none can afford
to insure against those risks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170502/f763692a/attachment.html>

More information about the BreachExchange mailing list