How Business Insurance Can Protect Your Company After a Cyberattack
Despite all the effort individuals and companies put into protecting their computers, networks, and digital assets, cybercriminals continue to break through their defenses. They achieve their “successes” using a variety of tactics, including:
- Phishing attacks. The cybercriminal sends an email that appears to be coming from a trusted source, and the unsuspecting recipient clicks a link that gives the perpetrator access to their computer and network. A variant of this approach is called spear-phishing. It uses the same basic approach, but the cybercriminal researches the target and crafts a message that the person will see as relevant and specific to them.
- Denial-of-service attacks. This approach involves overwhelming the victim’s computer or network with continual contacts to the point that it is paralyzed and can’t be used for typical work activities.
- Ransomware. This cybercrime involves a cybercriminal gaining digital access to the victim’s computer and preventing them from using it until they pay a ransom.
- MITM attacks. Short for man-in-the-middle, this type of attack involves a cybercriminal illegally viewing data sent between two people, computers, or networks.
- Brute force attacks. This approach gets its name from the fact that it involves a cybercriminal using a “bot” to rapidly try a long list of passwords in an attempt to gain access to a computer or network.
And these are just some of the more common types of cyberattacks. There are literally dozens of ways cybercriminals attempt to steal information or extort payments from victims.
That being the case, many experts consider the risk of being affected by a cyberattack not as a matter of “if” but of “when.” Fortunately, there is a way that businesses can protect themselves financially in the wake of a successful cyberattack.
“Cybersecurity experts are in a constant battle with cybercriminals, and they don’t always succeed in preventing unauthorized system access,” says Peter Shelley, president at business insurance provider biBERK, a Berkshire Hathaway Direct company. “Cyber insurance was developed to help cover costs related to certain types of cybercrimes.”
Each insurer’s cyber insurance offerings are a bit different. For instance, customers purchase biBERK’s cyber insurance coverage as an add-on to a general liability, professional liability, or business owners policy (BOP). It covers several types of incidents, such as:
- System hacks. These are situations where a cybercriminal has gained access to your computer network.
- Data security breaches. A breach is when someone who isn’t authorized to access data bypasses security measures to get to it.
- Credit card fraud. In this scenario, credit card information has been compromised, and the criminal has used it to commit fraud or is likely to do so.
Expenses Covered by Cyber Insurance
If hackers have stolen sensitive information like Social Security numbers, credit card data, or medical records, a business will have to take various actions to address the theft—actions that can be quite costly. These costs are referred to as first-party and third-party expenses.
First-party expenses include fees for things like notifying customers and having experts perform IT and legal reviews of the incident. Third-party expenses include those associated with lawsuits filed over the loss of data in the company’s care, custody, or control.
Cyber insurance helps cover these expenses. Depending on the hack or data breach scope, the costs can be in the thousands of dollars, tens of thousands, or more. Whatever the amount, if a company doesn’t have cyber insurance, it can cause significant financial hardship, especially for a small business.
What Does Cyber Insurance Cost?
Cyber insurance is very affordable, especially when you consider the amount of protection it provides. Often, a company can purchase base coverage for $85-$200 per year.
“When a company offers cyber insurance as an add-on to other coverage that a small business probably already has, like general liability insurance, professional liability insurance, or a business owners policy, getting financial protection from cyberattacks is simple,” adds Shelley. “With cybercriminals working overtime to victimize businesses and individuals, it’s nice to know you’ve got financial protection if your digital protection is breached.”
Tips for Protecting Your Business From Cybercriminals
In today’s connected world, cybercriminals have unlimited targets to attack. Consequently, they’re likely to move on if they don’t find a gap in your digital defenses quickly. To ensure your company is unappealing to cybercriminals, take these actions:
- Develop a cybersecurity plan. Implementing a carefully crafted, comprehensive strategy is the best way to stay ahead of cybercriminals.
- Train your employees. By making your people aware of the methods cybercriminals use to gain access to computers and networks, you decrease the likelihood of someone falling for a phishing attack or some other tactic.
- Create and enforce password requirements. Weak passwords are like an invitation to cybercriminals to access your network. Require employees to use strong passwords and change them frequently.
- Invest in advanced cybersecurity solutions. Using slightly outdated systems in some areas of your operations may be acceptable. But when it comes to cybersecurity, you should implement and maintain high-end solutions. Nothing is worse than suffering a data breach and its ramifications and wondering if better defenses could have prevented it.
- Back up your data to an offsite location frequently. Being able to restore your data from a recent backup means a ransomware attack will be much less effective. It also enables you to quickly repair any digital damage done by an attacker.
- Update your software in a timely manner. Software updates often include security improvements designed to counteract the latest cyberthreats. If you delay an update, you may be making your system more vulnerable to attack.
- Consider using outside cybersecurity resources. While you can handle your cybersecurity internally, you may benefit from getting a third-party perspective on your security posture.
Combining Digital and Financial Cybercrime Protection
There is every reason to believe that cyberattacks will grow in frequency and sophistication in the years to come. Your best approach for protecting your company is to combine comprehensive digital defenses with solid cyber insurance coverage.