Small and mid-sized businesses face an ever-growing number of cybercrime threats. These businesses are often the targets of cybercriminals because they lack the resources to protect themselves properly. In addition, many small and mid-sized businesses are unaware of the risks they face and do not have adequate cybersecurity measures.
The good news is that there are steps these businesses can take to protect themselves. One of the most important is to purchase cyber insurance.
Cyber insurance can significantly impact a small business’s ability to navigate and survive these attacks. However, due to an increase in cyber incidents, cyber insurance coverage is rapidly evolving and has become difficult to obtain.
Cyberattacks Aimed at Small Business
The risk and severity of a cyberattack have increased significantly in recent years. For example, RiskRecon reports an increase of 152% in data breaches at small businesses between 2020 and 2021. Furthermore, ransom demands have more than doubled. According to the Palo Alto Network report, the average ransom demand reached $2.2 million in 2021, up 144% from the year before
As small businesses expand their remote working networks, new cyberattack opportunities have emerged, such as phishing scams and ransomware. In addition, cybercriminals can attack hundreds, if not thousands, of these vulnerable networks simultaneously because few small businesses have proper network security or the resources to prioritize cybersecurity awareness.
In addition to the increasing need for network security, business leaders are searching for cyber insurance policies to help prevent and respond to a cyberattack.
Challenges of Cyber Insurance
Cyber insurance has become vital, given the frequency of threats targeting businesses. However, as ransom demands reach millions, the cost of cyber protection has risen accordingly.
“Pricing for small business cyber insurance has gone up between 10% and 40% annually in the last 24 months,” says Mike McBride, chief executive officer of Mason-McBride. And pricing isn’t the only obstacle. “More small businesses on a percentage basis are being declined for coverage due to tighter underwriting and compliance requirements,” Mr. McBride said.
Tightening Coverage Protocols
Driven by heightened awareness of cyber threats, customers must prove to carriers that they care about cybersecurity. So, in addition to increasing coverage prices, underwriters are taking a closer look at how companies maintain their cybersecurity and cyber hygiene capabilities.
According to The Council of Insurance Agents & Brokers (CIAB) Commercial Property/Casualty Market Index, carriers have responded to cyber claims’ increased frequency and severity by adopting stricter underwriting guidelines.
For example, if a company does not have Multi-Factor Authentication (MFA) or data encryption, they are deemed “virtually uninsurable,” and a quote is refused.
Agents and brokers also report that carriers require stronger passwords, third-party vendor management, an incident response plan, training of employees on phishing, system backups, and endpoint detection.
In some cases, carriers add a minimum of 20% ransomware coinsurance provision to their existing coverage proposals.
“Cyber insurance is becoming increasingly difficult to obtain as the application and renewal processes are changing rapidly. Many of our clients are caught by surprise, and some are denied renewal coverage when unable to respond with the appropriate safeguards,” says Jamie Parry, Vice President of Mason-McBride. Nonetheless, it is now more important than ever to have coverage. “As the likelihood of a cyberattack grows, we are seeing more and more claims where a cyber policy can mean the difference between recovering from a cyber attack and losing everything you’ve worked so hard for,” Mr. Parry said.
Real-Life Cyber Insurance Claim
Consider this real-life example of a cyber incident in a nonprofit organization:
In this example, the cybercriminal sat in the email inbox of the nonprofit’s Finance Director for over four months, just waiting and watching. So how did they gain access? First, they researched, found the person who handled the money, sent a phishing email, and stole her credentials.
The attacker spoofed the nonprofit’s domain, set up email rules to divert replies, and sent compromised attachments. They sent an email to six people facilitating two substantial fund transfers of roughly $620,000 each — totaling nearly $1.3 million.
A short time later, the organization realized that employees were being asked to purchase gift cards via email. After doing some digging, they realized they’d been hacked, and the large payments they made went to a fraudulent bank account. So they acted quickly by contacting their insurance provider, Coalition.
The Coalition team stepped in and discovered 82 malicious logins into accounts worldwide. Immediately, the claims team worked with law enforcement to file a report and stop the funds from being transferred. Due to their rapid response, they were able to recover all but $500 of the money.
Claim Scenario provided by Coalition
Mitigate Risk with Cyber Liability Coverage
Small and mid-sized businesses face a growing number of cybercrime threats. Cyber insurance can helps cover the costs associated with a data breach—including investigation expenses, customer notification expenses, credit monitoring services, and lawsuits—allowing these businesses to recover from a data breach more easily.
Additionally, cyber insurance extends to third-party claims alleging unauthorized disclosure of personal information or other confidential data.
Take Action to Safeguard Your Business
Find out how Mason-McBride can protect your business with cyber liability insurance. Get a quote started.
For helpful tips on other popular topics, check out:
Article By Jamie Parry
