Cyberattacks are a real and detrimental risk, but just 19% of companies have ransomware coverage over $600,000. Unfortunately, that usually won’t cover it, as the average cost to investigate and recover from a ransomware incident is upwards of $2.4 million.
So, how much cyber coverage do small- and medium-sized businesses need? It depends, but probably more than you currently have. Good news is that doesn’t mean it has to be prohibitively expensive, and we can help. Here are a few important considerations we take into account when determining your cyber insurance needs.
Do You Take a Proactive Approach to Cybersecurity?
New research has shown that small businesses are three times more likely to be the target of a cyberattack than larger companies. With an increasing level of risk for small and medium-sized businesses, it’s critical for business owners to be prepared and proactive.
Recovering from a data breach or ransomware attack isn’t a quick process. It can take an average of 279 days to mitigate the effects of a cyberattack. That’s time away from managing and growing your business, which creates a domino effect of challenges for organizations.
Not only does a breach take up time, energy, and valuable resources, but it also negatively affects your customers’ trust. A recent survey found that 76% of respondents would stop doing business with an organization because of a security breach. The true cost of a cyberattack isn’t just the monetary loss of recovering data; it’s also reputational damage that can impact your business for years to come.
With so much at stake, there’s no better time to review and update your coverage options.
Does Your Policy Coverage Match Your Exposures?
Every cyber insurance policy is based on a specific company’s risk profile and its current cybersecurity practices. Whether you’re applying for a new policy or renewing your current one, your insurer will ask for details on your security procedures. With the number of attacks on the rise, combined with skyrocketing mitigation costs, insurance companies want evidence that companies have policies in place to prevent cyberattacks.
Items that are generally covered under a cyber insurance policy include:
- Forensic investigation
- Data restoration
- Cyber extortion
- Reimbursement for legal costs
- Fraudulent fund transfers
- And more
Knowing what’s excluded from coverage is just as important as knowing which items are covered in your policy.
Here are some typical cybersecurity term exclusions:
- Failing to meet a minimum standard of security practices
- Bodily injury and property damage related to cybersecurity incidents
- Coverage for claims that occurred before the policy date
- Acts of terrorism, war, insurrection, or invasion
Your insurance advisor will discuss your specific coverage needs and costs, and remember that demonstrating a proactive security approach can lower your risk profile (which could also positively impact your insurance rates).
How to Get Cyber Insurance Coverage
Even if your business is small, your cybersecurity risks can be big – and growing. Because cyber exposure varies based on the organization, industry, and more, we recommend working with a cyber insurance advisor who can customize your policy to fit your needs.
Questions about your cyber insurance? The eSpecialty Insurance team is here to help – reach out today for a conversation.