Loading...

Facing Greater Risks, Small Businesses Still Lag in Adopting Cyber Insurance

Published: April 19, 2016 by Guest Contributor

What difference does $4.40 make? It can’t buy you much on its own, but it can make a world of difference when you’re handling the aftermath of a data breach or other cyberattack. That’s how much cyber insurance protection reduces the per-record cost of a data breach, according to the Ponemon Institute’s 2015 Cost of a Data Breach report. Whether you’re a small business owner with just a few hundred customers or a global corporation with records in the millions, the cost of being without cyber insurance in the wake of an incident can be extreme.

When you consider the sheer number of records involved in recent mega-breaches — more than 78 million in the Anthem breach alone — the cost reduction can easily soar into hundreds of million dollars saved. And while smaller businesses may have fewer records to be breached, the impact of an attack can be even more devastating to them than to global entities when they experience a mega-breach.

Yet less than one-third (32 percent) of businesses surveyed for Ponemon’s study reported having cyber insurance. The percentage was a bit better when theRisk Management Society (RIMS)asked 284 of its members about cyber insurance; 51 percent reported having stand-alone cyber insurance policies. Even fewer small businesses report having cyber insurance. Just 5 percent of small business owners surveyed byEndurance International Groupsaid they carried cyber insurance, despite 81 percent believingcybersecurityis a concern for small business.

Those who have cyber insurance clearly understand its value. RIMS members said they bought policies to:

  • Reduce the risk of an incident damaging their company’s reputation (79 percent).
  • Minimize the potential impact of business interruption (78 percent).
  • Aid in data breach response and notification (73 percent).

What’s more, of the RIMS members who didn’t have cyber insurance, 74 percent said they were considering buying it within the next 12–24 months.

While small business owners also appear aware of the risk, they seem less cognizant of the benefits of cyber insurance and other cybersecurity measures. Endurance found that although 94 percent of small business owners said they do think about cybersecurity issues, and nearly a third have experienced an attack or an attempt, just 42 percent have invested incybersecurityin the past year. A widely reported study by the National Cyber Security Alliance asserts that 60 percent of small businesses that experience a data breach go out of business within six months.

Cyber insurance premiums vary widely and are largely tied to a company’s revenues and exposure. Policies typically aim to address risks commonly associated with acyberattack, including:

  • Liability for loss of confidential information that occurs through unauthorized access to a company’s computer systems.
  • Data breach costs including notification of affected consumers, customer support and providing credit monitoring to affected customers.
  • The costs of restoring, improving or replacing compromised technologies.
  • Regulatory compliance costs.
  • Business interruption expenses.

Of course, like virtually any other type of insurance, cyber insurance policies can be customized to address the risks facing the individualpolicy holder. Many in the insurance industry feel that cyber insurance products have matured, evolving into a type of protection that businesses both large and small simply can’t afford to do without.

When you consider the devastating risk of facing acyberattackwithout insurance, that simple per-record cost savings of just $4.40 takes on a much deeper meaning. While more large companies are seeing the value of cyber insurance, small business owners need to begin incorporating this valuable type of protection into their overall cyber security plans.

Related Posts

Tenant screening fraud is rising, with falsified paystubs and AI-generated documents driving risk. Learn how income and employment verification tools powered by observed data improve fraud detection, reduce costs, and streamline tenant screening.

Published: September 4, 2025 by Ted Wentzel

In today’s digital lending landscape, fraudsters are more sophisticated, coordinated, and relentless than ever. For companies like Terrace Finance — a specialty finance platform connecting over 5,000 merchants, consumers, and lenders — effectively staying ahead of these threats is a major competitive advantage. That is why Terrace Finance partnered with NeuroID, a part of Experian, to bring behavioral analytics into their fraud prevention strategy. It has given Terrace’s team a proactive, real-time defense that is transforming how they detect and respond to attacks — potentially stopping fraud before it ever reaches their lending partners. The challenge: Sophisticated fraud in a high-stakes ecosystem Terrace Finance operates in a complex environment, offering financing across a wide range of industries and credit profiles. With applications flowing in from countless channels, the risk of fraud is ever-present. A single fraudulent transaction can damage lender relationships or even cut off financing access for entire merchant groups. According to CEO Andy Hopkins, protecting its partners is a top priority for Terrace:“We know that each individual fraud attack can be very costly for merchants, and some merchants will get shut off from their lending partners because fraud was let through ... It is necessary in this business to keep fraud at a tolerable level, with the ultimate goal to eliminate it entirely.” Prior to NeuroID, Terrace was confident in its ability to validate submitted data. But with concerns about GenAI-powered fraud growing, including the threat of next-generation fraud bots, Terrace sought out a solution that could provide visibility into how data was being entered and detect risk before applications are submitted. The solution: Behavioral analytics from NeuroID via Experian After integrating NeuroID through Experian’s orchestration platform, Terrace gained access to real-time behavioral signals that detected fraud before data was even submitted. Just hours after Terrace turned NeuroID on, behavioral signals revealed a major attack in progress — NeuroID enabled Terrace to respond faster than ever and reduce risk immediately. “Going live was my most nerve-wracking day. We knew we would see data that we have never seen before and sure enough, we were right in the middle of an attack,” Hopkins said. “We thought the fraud was a little more generic and a little more spread out. What we found was much more coordinated activities, but this also meant we could bring more surgical solutions to the problem instead of broad strokes.” Terrace has seen significant results with NeuroID in place, including: Together, NeuroID and Experian enabled Terrace to build a layered, intelligent fraud defense that adapts in real time. A partnership built on innovation Terrace Finance’s success is a testament to what is  possible when forward-thinking companies partner with innovative technology providers. With Experian’s fraud analytics and NeuroID’s behavioral intelligence, they have built a fraud prevention strategy that is proactive, precise, and scalable. And they are not stopping there. Terrace is now working with Experian to explore additional tools and insights across the ecosystem, continuing to refine their fraud defenses and deliver the best possible experience for genuine users. “We use the analogy of a stream,” Hopkins explained. “Rocks block the flow, and as you remove them, it flows better. But that means smaller rocks are now exposed. We can repeat these improvements until the water flows smoothly.” Learn more about Terrace Finance and NeuroID Want more of the story? Read the full case study to explore how behavioral analytics provided immediate and long-term value to Terrace Finance’s innovative fraud prevention strategy. Read case study

Published: September 3, 2025 by Allison Lemaster

BIN attacks are a growing threat in today’s digital payments ecosystem. Learn how to mitigate these attacks to reduce losses.

Published: August 27, 2025 by Theresa Nguyen