A Cyber Insurance Primer for SMBs
No matter the size of your business, you’re never too big to take a hit. Between major breaches like the Kaseya incident earlier this year, and the thousands of minor breaches and ransoms SMBs suffer through that never make the headlines, it’s not hard to recognize that the valuable data assets which inform your strategic decisions are also a liability. Building a profitable client base that trusts you is no small feat. The last thing you need is for all that value to become settlements and fines because a host of personal information records made their way onto the dark web. That’s what cyber insurance is for.
Now, to be clear, preventing those breaches depends on good cyber security, and, well, we hope you’ll forgive us for reminding you of our exceptional security record (no client breaches in the past five years for anyone using our Preferred Services). Nevertheless, it’s always a good idea to get some extra protection in case things go off the rails. An MSP with an exceptional safety record is a great way to get low premiums for cyber insurance.
But what is cyber insurance?
It’s actually straightforward, though there are some details that won’t be obvious right off the bat. First and foremost, let’s be clear that cyber insurance is NOT business insurance. There might be a cyber component to your current business insurance policy, but it’s not the same thing.
So, what IS cyber insurance? Essentially, it’s liability insurance, much like you’re required to get for your car. It doesn’t protect assets the same way house or business insurance does. In a way, it’s insurance for your network and the data that resides on it. For these reasons, it’s also sometimes known as cyber risk insurance or cyber liability insurance. These terms all refer to the same thing.
Who is it for?
Everybody! And don’t worry, we don’t get kickbacks for referrals. We just honestly think it’s a good idea for any business connected to the internet. If you collect and store sensitive data of any kind, be they trade secrets, medical records, or any other proprietary (client, vendor, or resident) information, you need cyber insurance. It doesn’t matter if you store your data in a cloud, physical server, PC, or even a mobile device. Even if your business wouldn’t be crippled by the costs (settlements, legal fees, etc.) of a serious breach, it could be a long time before your bottom line recovers.
What does it cover?
Data breaches are serious events whose consequences impact every facet of a business and go beyond just the immediate costs of downtime or ransomware payments. Not only will you likely face court and legal costs, but there are also regulatory fines to consider. This doesn’t even begin to consider the possible long-term damage to your reputation and future success.
Like most insurance, cyber insurance policies can come in a variety of forms and differing degrees of coverage. Your exact needs are going to vary depending on your business, but your policy should, at minimum, cover the legal and regulatory violation fines, as well as incident response, including data recovery and investigations. Depending on how you use your information, you may want to consider getting both first-party (your business) and third-party (your customers) policies. Business interruption insurance can also cover the costs of paying rent and keeping staff employed while you recover from the cyber attack.
Sounds expensive. How much does it cost?
As with other insurance, it’s impossible to predict an exact price for a cyber insurance policy, which is going to vary from business to business. However, businesses spent an average of $124 (USD) per month in 2020, which is a good starting point. Other factors that affect your policy price include how many credit card transactions you process, the type of data stored, your industry, and business size. Also, don’t forget to include your deductibles when judging the value of your policy. Of course, your insurance company will want a risk assessment and information on your IT provider. That’s why using a reputable MSP with real expertise and a sterling record (like TRINUS’s) can pay off. A good provider with exceptional cyber security can help get you the lowest premiums possible, and help you fill out complex risk assessment insurance forms.
Finally, remember you’re dealing with an insurance company. Keep an eye out for loopholes that can come back to bite you, and review policies thoroughly. For example, many insurers got out of paying for the results of 2017’s NotPetya attack because it was a state-sponsored attack between Russia and Ukraine that clients got caught up in. State sponsorship is actually a fairly common element of ransomware threats, so make sure you understand the nitty-gritty before you sign on the dotted line.
Cyberthreats are always evolving, and the best MSPs are always evolving their cyber defenses to match. Nevertheless, there’s always a small window between threat detection and solution deployment. Having a robust cyber insurance policy protects you from the potentially disastrous effects of a breach, while using an experienced IT provider keeps premiums low. If you have any questions about cyber insurance, or require a risk assessment for a policy, contact your TRINUS account manager and we’ll be happy to help out.
The TRINUS Team