Small businesses are becoming prime targets for cybercrime, and many business leaders are unprepared.
In the aftermath of the pandemic, it is no surprise that small business owners are consumed with day-to-day operations. However, as business leaders continue to navigate labor shortages and rising costs, fewer efforts are focused on cyberattack prevention, which offers new opportunities for cybercriminals.
The risk and severity of a cyberattack have increased significantly in recent years. For example, RiskRecon reports an increase of 152% in data breaches at small businesses between 2020 and 2021. Furthermore, ransom demands have more than doubled. According to the Palo Alto Network report, the average ransom demand reached $2.2 million in 2021, up 144% from the year before.
Cyber liability insurance can significantly impact a small business’s ability to navigate and survive these attacks. However, due to an increase in cyber incidents, cyber insurance coverage is rapidly evolving and has become difficult to obtain.
Cybercrime Aimed at Small Business
Along with the increase in remote work and digitization, cybercriminals have become more sophisticated and have increased in number.
As small businesses expanded their remote working networks, new opportunities for cyber attacks have emerged, such as phishing scams and ransomware. In addition, cybercriminals can attack hundreds, if not thousands, of these vulnerable networks simultaneously because few small businesses have proper network security or the resources to prioritize cybersecurity awareness.
In addition to the increasing need for network security, business leaders are searching for cyber insurance policies to help prevent and respond to a cyberattack.
Growing Challenges of Cyber Insurance
Cyber insurance has become a vital need given the frequency of cyber threats targeting small businesses. However, as ransom demands reach millions, the cost of cyber protection has risen accordingly.
“Pricing for small business cyber insurance has gone up between 10% and 40% annually in the last 24 months,” says Mike McBride, chief executive officer of Mason-McBride. And pricing isn’t the only obstacle. “More small businesses on a percentage basis are being declined for coverage due to tighter underwriting and compliance requirements,” Mr. McBride said.
Tightening Cyber Coverage Protocols
In addition to increasing coverage prices, underwriters are taking a closer look at how companies maintain their cybersecurity.
According to The Council of Insurance Agents & Brokers (CIAB) Commercial Property/Casualty Market Index, carriers have responded to the increase in both frequency and severity of cyber claims by adopting stricter underwriting guidelines.
For example, if a company does not have Multi-Factor Authentication (MFA) or data encryption in place, they are deemed “virtually uninsurable,” and a quote is refused.
Agents and brokers also report that carriers require stronger passwords, third-party vendor management, an incident response plan, training of employees on phishing, system backups, and endpoint detection.
In some cases, carriers add a minimum of 20% ransomware coinsurance provision to their existing coverage proposals.
“Cyber insurance is becoming increasingly difficult to obtain as the application and renewal processes are changing rapidly. Many of our clients are caught by surprise, and some are denied renewal coverage when unable to respond with the appropriate safeguards,” says Jamie Parry, Vice President of Mason-McBride. Nonetheless, it is now more important than ever to have coverage. “As the likelihood of a cyberattack grows, we are seeing more and more claims where a cyber policy can mean the difference between recovering from a cyberattack and losing everything you’ve worked so hard for,” Mr. Parry said.
Real-Life Cyber Claim Example
Consider this real-life example of a cyberattack on a nonprofit organization:
In this example, the cybercriminal sat in the email inbox of the nonprofit’s Finance Director for over four months, just waiting and watching. So how did they gain access? First, they researched, found the person who handled the money, sent a phishing email, and stole her credentials.
The attacker spoofed the nonprofit’s domain, set up email rules to divert replies, and sent compromised attachments. They sent an email to six people facilitating two substantial fund transfers of roughly $620,000 each — totaling nearly $1.3 million.
A short time later, the organization realized that employees were being asked to purchase gift cards via email. After doing some digging, they realized they’d been hacked, and the large payments they made went to a fraudulent bank account. So they acted quickly by contacting their insurance provider, Coalition.
The Coalition team stepped in and discovered 82 malicious logins into accounts worldwide. Immediately, the claims team worked with law enforcement to file a report and stop the funds from being transferred. Due to their rapid response, they were able to recover all but $500 of the money.
Claim Scenario provided by Coalition
Cyber Liability Protection
Now is the time to defend against a cyberattack. Cyber insurance coverage provides the resources to respond and mitigate harm when hacked. Cyber insurance helps protect against losses not typically covered under traditional insurance policies, including first-party costs like forensics investigation and notification. Additionally, cyber insurance extends to third-party claims alleging unauthorized disclosure of personal information or other confidential data.
Interested in Learning More?
Our cyber liability specialists are happy to answer all your questions. In addition, our agent will identify your business’ cyber risks and develop custom and appropriate coverage to reduce your exposure.
Please get in touch with us if you want to review your policy or have any questions about cyber liability insurance.
As always, we are here to help you, your employees, and your business with all your insurance needs. Thank you for allowing Mason-McBride to serve you!
Article By Casey Rotary