Cyberattacks on small- and medium-sized businesses (SMB) continue to rise and will only intensify over the next few years. With the increased prevalence and cost of attacks, the absence of cyber insurance is no longer an option SMBs can afford.
Assessing The Threat
Ransomware is one of the most common forms of hacking and includes the cybercriminal holding files or devices hostage in exchange for payment. Unfortunately, bad actors know that SMBs, in general, are less likely to have the full spectrum of safeguards in place, leaving them particularly vulnerable to this growing threat.
According to Astra, a cyber security platform, ransomware attacks have risen by 13% in the past five years, with an average cost of $1.85 million per incident. By 2031, it is predicted that a ransomware attack will happen every two seconds.
While training employees and requiring measures like strong passwords, regular password resets and multi-factor authentication are critical, these steps are no longer enough.
Establishing a Safety Net
As an added layer of security, businesses of all sizes should invest in appropriate cyber liability and modern crime insurance policies. Cyber insurance typically refers to two forms of critical coverage: privacy exposures, which covers third party liability if personal information is stolen or compromised; and related first party expense coverage, which helps businesses mitigate the costs of damages and recovery resulting from a cyber-attack, which can be costly.
Modern crime policies protect physical theft of money that might be the focus of the bad actors targeting business networks.
The vast majority of businesses cannot effectively recover from cyber-attacks without the incident response expertise, breach management services and financial security that these insurance policies provide.
Increasingly, businesses and other entities are requiring vendors to carry this type of insurance before entering into or renewing contracts.
Businesses should consider this type of protection the same way as other business costs, such as property insurance, general liability insurance and workers’ compensation. Cyber insurance has a reputation of being expensive—even cost-prohibitive. But rates have come down in recent years as most SMB have invested in cyber risk management and related security tools.
When considering coverage, businesses can expect carriers to evaluate the nature of the business and corresponding risk and hazard level; security infrastructure, in-house (firewalls, security software, policies and procedures) and outside (vendor/third-party risk); data sensitivity and volume; and other factors to determine the most appropriate coverage options and pricing.
The threat posed by bad actors is ever-present and constantly evolving. No business, regardless of size or industry, is immune to these risks.
Tucker Lounsbury is president of NBT Insurance Agency, based in New York. As a Certified Insurance Counselor, he has more than 30 years of experience. NBT Insurance Agency is the insurance division of NBT Bancorp, which also owns NBT Bank, which has five NH locations. For more information, visit nbtbank.com/Insurance.
