Think your business is safe from a cyber attack? Most businesses do, especially smaller ones, but according to a recent report from the National Small Business Association, almost 45 percent of all small businesses will have some sort of computer security breach, and approximately 60 percent of those will cause a business interruption, with the average cost of fixing the problem nearly $10,000.
Ted Devine, CEO of TechInsurance, says the problem is a disconnect between perception and reality. It’s easy to hear news stories about the big guys getting hacked, such as Chase, Target, Home Depot -- and think, “Wow, that’s too bad, glad I don’t have to deal with it.” The reality is that small businesses are really attractive targets for hackers. Because they have less money, they tend to have less security in place.
“The numbers here are pretty staggering,” Devine says. “And Experian’s latest data breach report found that 60% of small businesses that are hacked go out of business within six months.”
That’s why there’s been a growing trend of companies buying cyber insurance to cover themselves if they are hacked. Some regular insurance policies pay computer security losses under loss-of-business or act-of-vandalism clauses, but there are few policies that specifically cover hacker attacks.
For small businesses, cyber insurance can usually be added to your business owner’s policy, which combines general liability and commercial property.
“It’s nice because it’s designed specifically for small business risks and it can be customized to fit a specific business’s needs,” Devine says. “So cyber can be added as an endorsement for between fifty dollars and a couple hundred dollars per year. If it’s bought as a standalone policy, which would offer more coverage, the policy would cost in the neighborhood of $1,000 to a couple thousand.”
While every policy is different, the basic coverage for a non-IT business includes recovering the costs associated with a data breach: notifying customers, paying for credit monitoring for affected customers, launching a PR campaign to restore public trust, possibly regulatory fines, and maybe investigating the breach and determining what caused it.
For example, let’s say two brothers own a sandwich store, and do pretty brisk business with professionals who want a quick lunch. Most of the customers use credit cards. Meanwhile, a hacker offsite hacks into the point-of-sale system and installs malware on the system that collects the credit and debit card information processed in every transaction.
“That’s a pretty common hack for restaurants -- something like three-quarters of hacks at restaurants are on the point-of-sale system,” Devine explains. “If you’re like 99% of businesses victimized by POS hacks, you won’t notice. In fact, you may never know until someone else discovers the hack. But when they do, you’ll be responsible for compensating every customer whose data was stolen.
“You may also be required to pay for credit monitoring for a year (the standard period) for affected customers. Depending on where you live, you may be required to pay regulatory fines, too. And then you’ll probably want to update your POS system and you’ll have to deal with convincing the hungry lunch crowd that it’s still safe to buy your sandwiches.”
If you have cyber insurance, all this will be covered and the sandwich shop wouldn’t be one of the nearly 90 percent of businesses to close because of cyber security leaks. Insurance for the peace of mind alone seems worth it.
technology, innovation, entrepreneurship, small business