Facing Greater Risks, Small Businesses Still Lag in Adopting Cyber Insurance

April 19, 2016 by ofonseca

What difference does $4.40 make? It can’t buy you much on its own, but it can make a world of difference when you’re handling the aftermath of a data breach or other cyberattack.

That’s how much cyber insurance protection reduces the per-record cost of a data breach, according to the Ponemon Institute’s 2015 Cost of a Data Breach report. Whether you’re a small business owner with just a few hundred customers or a global corporation with records in the millions, the cost of being without cyber insurance in the wake of an incident can be extreme.

When you consider the sheer number of records involved in recent mega-breaches — more than 78 million in the Anthem breach alone — the cost reduction can easily soar into hundreds of millions of dollars saved. And while smaller businesses may have fewer records to be breached, the impact of an attack can be even more devastating to them than a mega-breach is to a global entity.

Yet less than one-third (32 percent) of businesses surveyed for Ponemon’s study reported having cyber insurance. The percentage was a bit better when the Risk Management Society (RIMS) asked 284 of its members about cyber insurance; 51 percent reported having stand-alone cyber insurance policies. Even fewer small businesses report having cyber insurance. Just 5 percent of small business owners surveyed by Endurance International Group said they carried cyber insurance, despite 81 percent believing cybersecurity is a concern for small business.

Those who have cyber insurance clearly understand its value. RIMS members said they bought policies to:

  • Reduce the risk of an incident damaging their company’s reputation (79 percent).
  • Minimize the potential impact of business interruption (78 percent).
  • Aid in data breach response and notification (73 percent).

What’s more, of the RIMS members who didn’t have cyber insurance, 74 percent said they were considering buying it within the next 12–24 months.

While small business owners also appear aware of the risk, they seem less cognizant of the benefits of cyber insurance and other cybersecurity measures. Endurance found that although 94 percent of small business owners said they do think about cybersecurity issues, and nearly a third have experienced an attack or an attempt, just 42 percent have invested in cybersecurity in the past year. A widely reported study by the National Cyber Security Alliance asserts that 60 percent of small businesses that experience a data breach go out of business within six months.

Cyber insurance premiums vary widely and are largely tied to a company’s revenues and exposure. Policies typically aim to address risks commonly associated with a cyberattack, including:

  • Liability for loss of confidential information that occurs through unauthorized access to a company’s computer systems.
  • Data breach costs including notification of affected consumers, customer support and providing credit monitoring to affected customers.
  • The costs of restoring, improving or replacing compromised technologies.
  • Regulatory compliance costs.
  • Business interruption expenses.

Of course, like virtually any other type of insurance, cyber insurance policies can be customized to address the risks facing the individual policy holder. Many in the insurance industry feel that cyber insurance products have matured, evolving into a type of protection that businesses both large and small simply can’t afford to do without.

When you consider the devastating risk of facing a cyberattack without insurance, that simple per-record cost savings of just $4.40 takes on a much deeper meaning. While more large companies are seeing the value of cyber insurance, small business owners need to begin incorporating this valuable type of protection into their overall cybersecurity plans.