Many organizations avoid buying cyber insurance because they think they don’t need it. Then they suffer a cyberattack and realize (too late) they should have purchased coverage.
What’s your excuse for not buying coverage?
Excuse #1: We’re not a likely target.
Perhaps you think your company won’t be a target because you don’t store the personal and financial data hackers want or because your company is too small to attract attention.
Don’t be so sure.
It’s true hackers often pursue financial and healthcare data they can sell on the dark web. However, hackers may also go after business email addresses to use in phishing attacks. Hackers can also make money in other ways – for example, by extorting victims into paying a ransom to regain control of their systems.
Coveware found that 43.8% of ransomware attacks targeted companies with no more than 100 employees and 81.6% targeted companies with 1,000 or fewer employees. Whereas industries like healthcare and financial services were frequent targets, other industries – including food and staples, capital goods, transportation, and real estate – were also targets. Any company, regardless of size or industry, can experience a cyberattack.
Excuse #2: We already have insurance.
If you’re counting on your other insurance policies to cover you in the case of a cyberattack, check your policy. Policies with cyber exclusions have become increasingly common in recent years.
The Insurance Information Institute says cyber insurance can cover many costs general liability insurance may exclude, including:
- Legal fees
- Repairing your digital infrastructure
- Restoring your clients’ personal information
- Recovering your proprietary data
Excuse #3: We’re careful about cybersecurity.
You train your workers on how to spot phishing attempts, you require strong passwords and multifactor authentication for every account, and you configure your IT systems with cybersecurity best practices in mind. Fantastic.
You could still be hit with a cyberattack.
Cybercriminals are constantly changing their tactics and employing new strategies. They’re uncovering new software vulnerabilities to exploit, creating more convincing phishing campaigns, and leveraging new technologies to make their attacks more powerful. Even if you can thwart most attacks, exploiting your system only requires one successful attempt out of hundreds.
The 2022 State of Ransomware report from Sophos found that 66% of organizations had been hit with ransomware in the last year – and that’s just one possible type of attack. When the majority of organizations are experiencing attacks, you shouldn’t assume your organization will be the exception.
Excuse #4: We can handle a cyber incident on our own.
Cyber incidents have become incredibly expensive. One issue is ransomware demands have increased. Sophos says ransomware demands averaged $812,360 in 2021 – 4.8 times the average ransom in 2020. Another issue is states have introduced data breach notification laws, and compliance can be expensive. The National Conference of State Legislatures found that all 50 states, the District of Columbia, Guam, Puerto Rico, and the Virgin Islands have laws requiring private businesses to notify individuals of security breaches involving their personally identifiable information. Cyberattacks can also lead to business interruption, lost revenue, IT costs, and legal expenses.
Unfortunately, many small businesses underestimate the costs of a cyberattack. Nationwide found that 40% of small business owners think a cyberattack would cost less than $1,000, whereas the average recovery cost is actually between $15,000 and $25,000.
Excuse #5: Cyber insurance isn’t worth the cost.
Cyber insurance premiums have surged over the last couple of years. The sticker shock may cause some business leaders to reconsider buying coverage.
Before you reject coverage, keep in mind that cyber premiums are rising because claims have risen. Cyber insurance may be pricey, but an uncovered cyberattack can cost far more.
There is good news: according to the Council of Insurance Agents & Brokers, cyber insurance rates are moderating. Securing coverage still requires a strong submission showing you have solid cybersecurity practices in place, but prices are not increasing as rapidly as in the past.
Are you out of excuses? Heffernan Insurance Brokers can help you obtain the cyber insurance you need to protect your business. Learn more.