Imagine walking into the office tomorrow morning and finding that you can’t access your computer files. Accounts payable, pending invoices, confidential client information, your latest project. All gone. Potentially forever. The only screen displayed is demanding $1,000 in Bitcoin. If I pay the ransom, will they unlock my files? How do I pay in Bitcoin? Should I notify law enforcement? Am I required to notify my clients? Which of the 48 different state and territory breach notification laws am I required to follow? How much time and money will this cost my business? What will my clients think?
Major hacks such as Target, Home Depot, and Equifax certainly bring fear to the average consumer. However, these headlines are misleading: small to medium-size businesses (SMBs) are bearing the brunt of cyber-attacks but rarely get any national attention. According to Symantec, SMBs comprise roughly 60 percent of all breaches. Of those, roughly 1 in 2 is out of business within 6 months of the attack.
SMBs are an ideal target for cybercriminals. Unlike large businesses, SMBs lack the revenue for dedicated IT personnel to constantly monitor their network, install the latest patches, and employ complex multilayered defenses. Commissioner Luis A. Aguilar of the U.S. Securities and Exchange Commission has the most succinct summary of the cyber-security problems faced by SMBs:
“Cybersecurity is clearly a concern that the entire business community shares, but it represents an especially pernicious threat to smaller businesses. The reason is simple: small and midsize businesses are not just targets of cybercrime, they are its principal target. In fact, the majority of all targeted cyber attacks last year were directed at SMBs.”
Most business owners have contemplated cyber insurance, but many have hesitated to purchase what larger organizations now consider a routine cost of business. Mainly, they do not understand their exposure and are intimidated by the seemingly endless number of options. To compound the problem, some insurance brokers do not have the requisite technical background, education, or experience to fully advise you.
This two-page guide is not legal advice, nor will it cover all the deeper complexities inherent in cyber insurance. That requires a conversation with cyber insurance experts. For the purposes of the average business owner, it should answer your most common questions.
Click here for a PDF of this guide: What Every Business Should Know About Cyber Insurance
About the Authors
Joseph Brunsman is the Vice-President of Chesapeake Professional Liability Brokers, Inc. Currently, he is pursuing a Master’s Degree in Cybersecurity Law. He is a former IT, with a degree in Systems Engineering (Robotics) from the United States Naval Academy. He is the co-author of True Course: The Definitive Guide for CPA Practice Insurance, as well as numerous articles found in national publications. He specializes in helping SMBs find tailored cyber insurance solutions.
Dan Hudson is the President of Chesapeake Professional Liability Brokers, Inc. He is also a graduate of the United States Naval Academy, a retired Naval Officer, and a former Commanding Officer. He is the co-author of True Course: The Definitive Guide for CPA Practice Insurance, as well as numerous articles found in national publications.