While many SMBs may think they don’t have to worry about cyber insurance, they could be setting themselves up for a costly or even fatal failure, CyberPolicy CEO Keith Moore said.
CyberPolicy helps companies of all sizes develop a cybersecurity program beginning with selecting the appropriate tools before moving on to purchasing a proper policy.
Often the process begins with a conversation about the risks, Mr. Moore said, as many are not aware of them. That was the case of for a bed and breakfast in California whose owners were randomly targeted by hackers who emailed cancellation notices to their reservation base citing a fictitious bed bug infestation. By the time the error was discovered and addressed the owners suffered damaging losses.
That takes care of “But my business is small – why would they target me?” question, but there is another area of they must consider and that is their relationship with business clients and how they connect with them online. As more companies link invoice and remittance systems with each other in increasingly global supply chains, each and every participant must ensure their information is secure and they are not letting viruses and other threats into their supply chain. The infamous Target data breach began via an HVAC vendor, for example.
“We look at ‘plan, prevent and insure’,” Mr. Moore said. “We’re not just selling insurance, we’re giving an opportunity to create a cybersecurity plan.”
And with more than 700 different classes of insurance CyberPolicy helps businesses of all sizes develop an appropriate type of policy for a business of their size and type. A small bakery needs different coverage than an Amazon vendor, who needs different coverage than a larger enterprise linked to dozens of others through its supply chain.
Cyber insurance protects the policy holder against damages arising from electronic threats to computer and data systems which can produce stolen or damaged information and liability and recovery costs including IT forensics investigations, data restoration and customer notification. Broadly, cyber insurance coverage can be divided into two parts. First-party coverage protects against damage you and your business suffers due to a data breach, including investigative services, business interruption coverage and data recovery. Third-party coverage addresses damages inflicted upon customers or partners, such as legal fees, settlement costs, security failures and media liabilities.
Even though developing a cyber security plan isn’t hard, time consuming or even that expensive, 95 per cent of SMBs fail to develop one, Mr. Moore said. And as the digital and data economies become more prevalent more types of businesses are vulnerable as they maintain electronic data bases and communication systems. Hackers know this and look for vulnerabilities that can be used as an entry point to larger prey. Mr. Moore cited the example of tow truck drivers repossessing vehicles. They have access to owner data, including personally identifiable information which needs to be safeguarded.
Because cyber insurance is a newer sector, many insurance providers have limited knowledge of its scope and may not provide ideal coverage. That’s why it makes sense to talk with CyberPolicy, Mr. Moore said.
“The majority of the value we provide we give away for free. We’ll be ready for them when they decide to purchase insurance.”
Like this article? Take a second to support us on Patreon!