Cyber insurance has been a big deal for large businesses for a few years now, but it’s still quite uncommon in the small business world.
Whilst we’ve all heard of cyber attacks, website hacking, data and privacy breaches, most of us small business owners believe it’s not something that could happen to us.
Unfortunately it can (and has) happened to small businesses, so it’s important to start thinking about how you can insure yourself against such events.
You might think that you standard small business insurance will cover losses from such events, but this is not the case. Instead, a specialised cyber insurance policy is what you’ll need.
Usually we don’t mention costs within our online guides, or if we do, we leave it until the end of the guide.
But in this case I think it’s important to mention some figures up front, as it’s fair to say that most people may expect cyber insurance to be very expensive.
The good news is that it’s not expensive, with a base premium coming in at less than $1,000 for a typical small business.
Now I understand that $1,000 is not exactly chump change for a small business, but if you read on you’ll learn more about the protection this cover can provide and how good the value is.
There are typically six components to a cyber insurance policy. Some of these components are standard, whilst others are optional extras.
When reading through the different components please be aware that this is general information provided for your benefit, and is not a replacement for professional advice or the need to read the specific policy wording.
This is potentially the most important of the six components, especially in light of the new privacy laws – and large financial penalties – which recently came into force.
If the data you hold on your clients is accessed unlawfully you could find yourself and your business facing some serious costs.
There are costs involved in people taking legal action against you for not protecting their data, as well as the potential costs involved in action taken against you by the regulators.
The privacy protection component of a cyber insurance policy can assist by covering such costs.
If you do suffer a privacy breach there are certain steps which must be followed. Some of these steps may be required by law, whilst others are simply good business practice.
Once a breach has occurred you will need to identify whose data has been put at risk and how the breach occurred.
Generally this is a job for a specialist, which means considerable costs will be involved.
You will also need to contact all of the clients who have been affected by the breach.
If you only have a small number of clients this may not be a huge issue, but if you have clients numbering in the thousands you may need to run a call centre for a period of time.
If credit card details have been breached you may also need to pay for credit monitoring services for all affected clients following the breach.
All of these functions can be incredibly expensive, and the cost of such a breach could reach six figures very quickly depending on the number of clients involved.
Even once all this has been done there will still be the ongoing issue of damage to your brand and your company’s reputation.
All of these costs can be covered under the policy, including the cost of hiring a PR firm to manage the damage to your business reputation.
Without the right insurance in place, a breach of this nature could easy tip an otherwise healthy business into receivership.
Cyber Business Interruption
Some small business owners will be familiar with traditional business interruption insurance.
This type of insurance covers you if outside events, such as a fire or storm, means that your business cannot operate and is therefore losing revenue.
A business interruption policy can protect that revenue, but it only works when there is physical damage, such as that caused by fire or storm etc.
Damage caused to your systems by a hacker may not be physical, but it can still have a devastating impact on your business’s ability to operate.
Cyber business interruption has been specially designed to cover interruptions of a cyber nature, such as those following a hacking which results in a loss of revenue to your business.
Virtually all businesses will hold public liability, which covers them for property damage or personal injury to other people.
Cyber liability is also designed to cover losses suffered by third parties, but instead of covering physical damage or injury it covers losses relating to cyber incidents.
Such events could include intellectual property breaches, defamation or the transmission of a virus, either through your own negligence or via a hacker.
Any of these events could result in legal action being taken against you and your business, but a cyber liability policy can help to protect you against such costs.
If a hacker was to gain access to your system in order to steal data or simply to cause disruption to your business, the costs to rectify that damage could be considerable.
By including the hacker damage component in your cyber insurance package you can ensure that the costs involved in repairing the damage are covered.
It’s important to remember that a normal business contents policy will only cover your physical assets, and not your cyber assets such as websites, programs or data.
A disturbing new trend involves third parties taking control of a company’s data and or systems and then demanding a ransom for the release.
You might think this only happens to large corporations, but small businesses are actually more at risk of such an attack.
A well-publicised attack took place recently on a medical centre located on the Gold Coast in Queensland.
Hackers, reportedly based in Russia, hacked into the medical centre’s computer system and took control of all data including patient records.
The hackers demanded that a $4,000 ransom be paid in order to have the data released.
Cyber extortion insurance can cover a range of costs relating to such an event, including the actual ransom amount.
The policy can also cover the cost of professional negotiators to deal with the hackers, as generally it’s not quite as simple as just transferring the ransom and getting back to normal.
If you’ve read this far you’ll now know that there is quite a lot to cyber insurance in terms of what it covers and what the options are.
Rather than being a form of insurance which can be quoted easily online, it is really something that should be discussed with an insurance broker to determine what you needs are.
From there your broker will be able to put together some quotes and information, as well as recommendations on what will best suit your business.
To speak with an adviser please call our office on 1300 542 245 or complete our online contact form.
Cyber risks will no doubt continue to grow in prominence as more and more business is conducted online, and it will certainly pay to be properly covered if something happens to you.