Cyber insurance? But I'm not a big tech firm!

Small business owner? Nicely done! But here's something to keep in mind while you're going places and getting noticed: cybercriminals could be checking you out too.

According to the Verizon 2020 Data Breach Investigations Report, 28% of all cyberattacks and data breaches in 2019 targeted small businesses. More than two-thirds of small businesses have experienced a cyberattack. And the FBI reported a 300% increase in cybercrime during the first month of the coronavirus pandemic.

(We’ll get these less-than-fun facts out of the way and then talk solutions, promise.)

A few more stats:
  • 67% of data breaches included hacking and social attacks. Hackers deliberately tried to compromise networks. Small businesses are especially vulnerable to “spear phishing” emails (personalized with name, title, company, work number etc.) inviting way-too-trusting employees to open links or attachments – and give away data.

  • 30% of data breaches were caused by errors or misuse of data. Confidential data got into the wrong hands because of negligence from an employee or partner. It could be a simple mistake like working on a network that's not secure. (Or a big mistake like losing a laptop. See Someone stole my work computer.)

  • 5% involved malware and ransomware. Users couldn’t access their network at all until they paid off their blackmailer. Sadly, the costs of handling a ransomware attack are often much higher than the ransom itself. Think lost data – and lost revenue from business interruption.

Unlike big established companies, small businesses are less likely to have poured time, money and energy into state-of-the-art defenses. Only 10% use any data protection at all.

And because they're also less likely to have Cyber insurance or extra cash to burn, they take a disproportionate financial hit too. Unfortunately, 60% of small businesses that experience an attack go out of business within six months.

So what should you do if you’re a small business owner who can’t afford a cyberattack … but may not think you can afford Cyber insurance?

As they say in software circles, there’s an add-on.


Depending on your insurance carrier, you can often fold Cyber insurance into a Business Owners Policy (or BOP). A BOP is a money-saving combo of 3 types of coverage recommended for small business owners: Commercial General Liability, Property and Business Interruption. (Don't already have one? You may want to ask yourself, When should I shop for a BOP?)

Many carriers now make it easy and affordable to throw Cyber insurance into the mix. Your Cyber insurance may include protection for:

1) FIRST PARTY COVERAGE (covers your non-legal costs):
  • Forensics. Determining if a breach occurred - and how bad it was.

  • Notification and credit-monitoring. Notifying anyone whose data may have been compromised, usually a privacy law requirement. In some states, you're also required to monitor their credit reports.

  • Crisis management and public relations. Restoring your good reputation by hiring professionals in crisis management, public relations and advertising. Since 58% of breaches resulted in a disclosure of personal data, you'll probably need to regain your clients' trust.

  • Business income and extra expense. Replacing income lost due to a breach and covering any new expenses that arise when getting your business back up and running.

  • Extortion. Reimbursing the ransom you may choose to pay to get your network back online – plus the cost of the security firm you’ll need to hire to negotiate with the bad guys.

  • Damaged electronic data. Replacing or restoring data compromised by a breach.

2) THIRD PARTY COVERAGE (pays others if you have legal costs):
  • Regulatory proceedings. Covering legal defense and penalties or fines if you're brought to task by a government regulator like HIPAA (Health Insurance Portability and Accountability Act).

  • Partner, vendor or client lawsuits. Covering legal defense and penalties or fines if you're sued by the people connected to your business for failing to provide security.


Some insurance companies provide small businesses with risk management services that provide free or discounted risk assessment, employee training, and protective hardware or software.


Want to check out your options for top-rated Cyber insurance ... which may include adding it to a money-saving Business Owner’s Policy (BOP)? Call our friendly, licensed agents for a custom consultation on the right coverage for you.

Thanks to the Ponemon Institute, Verizon Data Breach Investigations Report, and Bank of America Merchant Services for all the great info.

The right coverage for you? Surprisingly simple.