📺 Stream EntrepreneurTV for Free 📺

Cyber Insurance Offers More Than Just Protection Against External Cyber Attacks Think the Targets of this world are the only ones being hacked? Think again.

By Travis Wall Edited by Dan Bova

entrepreneur daily

Opinions expressed by Entrepreneur contributors are their own.

Massive data breaches have become so prevalent that they are no longer big news. The cyber attacks that do grab headlines typically involve banks or large retailers, in which tens or hundreds of millions of records may have been stolen.

Related: 5 Tips to Protect Your Business From Hackers

Because most businesses do not maintain confidential information on that scale, the chances seem slim that smaller firms would be the target of hackers. This may be one reason many businesses don't buy cyber insurance. But that decision misunderstands the cyber risks smaller firms do face.

In fact, most claims under cyber-insurance policies don't involve Target- or Sony-style attacks, but more mundane events. These might include employee or contractor mistakes in handling information, a lost or stolen laptop, the failure to change a dismissed employee's network permissions, or the unfortunate practice of leaving system data exposed.

Clearly, then, small businesses are not immune from external attacks. They also have less sophisticated data-security protections, making them an attractive target: Only one employee has to fall for a phishing email or click a link that imports a worm or malware before the network is compromised, leading to costs that can severely impact a company's reputation and financial well-being.

An example: In 2013, the owner of a specialty t-shirt store, 80sTees, received notices from banks about suspicious credit card charges. Upon learning of the problem, the company stopped accepting credit cards, recoded the company's website so that it no longer stored credit card information and notified approximately 3,500 customers that their personal information may possibly have been compromised.

The company assumed it was the victim of computer hackers. But the more likely culprit turned out to be a former high-level employee who had set up an unauthorized email account that captured information about credit card transactions.

Despite the relatively small size of the breach, the response costs were substantial. According to published reports, the breach caused $200,000 in damages, not including lost sales during the period the company was not accepting credit cards.

80sTees survived its breach. But not all firms do. In a 2012 study, the National Cyber Security Alliance concluded that 60 percent of small firms go out of business within six months of a breach. To mitigate the risk from these events, then, and protect a firm's bottom line, companies should take some basic remedial steps.

1. Businesses of any size must recognize that data security is not just an IT problem but an enterprise risk-management issue.

Data-breach risks come from multiple sources, not just external threats. Because data security should be administered on a companywide level, senior management, not IT personnel, should set the company's policies for data management and protection, with IT's input, of course.

Related: 4 Ways Your Small Business Can Better Prevent Cyber Crime

2. As with any major business risk, insurance should be an integral part of the equation.

At least once a year, companies should survey their insurance to ensure adequate protection against cyber-related risks.

3. Businesses should not expect traditional insurance to cover this type of loss.

Traditional products -- such as commercial general liability policies or property policies -- are designed to cover bodily injury or damage to tangible property. Data breaches and other cyber events, on the other hand, involve damage to intangible assets such as information or computer software. For protection against that risk, companies need cyber insurance.

Third-party cyber-risk policies protect against liability and other costs arising from data breaches. These costs may include breach-notification costs, free credit-monitoring for potentially affected customers, liability and defense costs for civil lawsuits and costs to respond to regulatory inquiries.

First-party cyber insurance protects the policyholder against business interruption losses or costs to repair or restore lost data or software. In the case of a breach, a forensic team probably will have to scour the company's system to identify and fix any problems -- and that process can be expensive.

Cyber policies tend to offer targeted coverages for discrete harms, with each coverage having a separate premium. One coverage part might apply only to data breach notification costs and claims arising from civil lawsuits; another coverage part might apply only to forensic costs to identify or fix a breach; a third part might apply to the cost to respond to regulatory proceedings.

Because cyber-related coverages tend to be compartmentalized, firms should scrutinize the risks they face and ensure that their cyber policies actually cover those potential losses.

Related: Why Your Password is Hackerbait (Infographic)

Travis Wall

Partner, Hinshaw & Culbertson LLP

Travis Wall is a partner at Hinshaw & Culbertson LLP, where he devotes a significant portion of his practice to the defense of insurance companies in coverage disputes involving property and casualty insurance, reinsurance, life insurance and ERISA and non-ERISA disability claims. Wall has substantial knowledge in the area of cyber risks, and advises his clients on policy and coverage matters involving data breaches and the risks associated with the use of technology and social media.


Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Side Hustle

These Coworkers-Turned-Friends Started a Side Hustle on Amazon — Now It's a 'Full Hustle' Earning Over $20 Million a Year: 'Jump in With Both Feet'

Achal Patel and Russell Gong met at a large consulting firm and "bonded over a shared vision to create a mission-led company."

Social Media

How To Start a Youtube Channel: Step-by-Step Guide

YouTube can be a valuable way to grow your audience. If you're ready to create content, read more about starting a business YouTube Channel.

Science & Technology

Brand New GPT-4o Revealed: 3 Mind Blowing Updates and 3 Unexpected Challenges for Entrepreneurs

Unveiling OpenAI's GPT-4.0: The latest AI with vision, auditory, and emotional intelligence abilities is revolutionizing industries. How will it affect your business?

Business Culture

Hybrid Work Is Failing Your Employees — Here's Why (and What You Can Do About It)

Business leaders are trying to choose between in-person and remote work. This leads to hybrid, which just isn't effective. Here's why.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.


Want to Be More Productive? Here's How Google Executives Structure Their Schedules

These five tactics from inside Google will help you focus and protect your time.