Tag Archives: Cybersecurity

Small businesses need cyber insurance – just like everyone else.

Used to be, hackers would spend most of their time hitting big companies with deep pockets and troves of customer data.  

But the times have changed. Launching a hack is as cheap and as easy as never before. Because of this, lots of hackers are playing small-ball by going after small businesses.  

Their calculations make sense. A ransomware payout might only be a few hundred dollars, but if hackers can hit hundreds of businesses simultaneously, their ill-gotten loot adds up pretty quickly.  

Small businesses know they’re at risk. According to a recent Insurance Information Institute (I.I.I.) and J.D. Power 2018 Small Business Cyber Insurance and Security Spotlight Survey, 70 percent of surveyed businesses said that the risk of being victimized by a cyberattack is growing at an alarming rate.  

But only a minority have cyber insurance. Only 31 percent said they have cyber insurance – and 70 percent said they don’t have plans to purchase a policy. (Commercial cyber insurance varies across policies but will usually cover expenses incurred from a data breach, like lost revenue, legal costs, and crisis-management.) 

Meanwhile, we found that 10 percent of respondents said they have experienced at least one cyber incident in the prior year. To give you some perspective, that’s about the same rate as drivers get into auto accidents.  

Imagine getting into an accident and not having auto insurance. It’s an expensive proposition. The same goes for cyberattacks – we found that the average small business cyber losses for the past year were $188,400. That’s a lot of money for a small company to absorb.   

As hackers continue to get nimbler, the need for small businesses to have cyber insurance will grow. It’s incumbent on insurers to educate their business clients about the value of cyber coverage.  

And the value is there to see: 97 percent of our survey respondents who had cyber insurance and were hacked said that their coverage was good enough to make them whole again.  

Survey: People are aware of cyberrisks, but many aren’t doing anything about them

even your coffee maker can get hacked these days.

A lawyer once warned me during a seminar that I should never, ever send an email – ever. “Get on a phone instead,” he counseled. (I assume he hadn’t watched The Wire.) 

Impossible to follow as his advice was, it stuck with me because he was right, in a way. If there’s anything we should’ve learned after all the data breaches these past few years, it’s that nothing about our online lives is safe from prying eyes. Not Social Security numbersNot medical records. And definitely not our social media activity 

People know the risks. The good news is that many American consumers are aware that their connected lives are incredibly vulnerable. According to a recent Insurance Information Institute and J.D. Power 2018 Consumer Cyber Insurance and Security Spotlight SurveySM, almost seven out of 10 connected technology owners (69 percent) are not comfortable sharing personal information on social media such as Facebook and Instagram. 

But behavior is slow to change. The bad news is that only about a third changed the way they used social media or connected technology after learning about recent data abuses and breaches. 

And it’s even more alarming that fully 85 percent of surveyed connected technology owners either don’t have cyberrisk insurance or don’t know if they do.  

Education and insurance are important. Just like in real life (wear a helmet, everybody!), leading a safe online life starts with education about the risks involved. That education includes learning how insurance can help. Insurers are in a unique position to spearhead these education efforts – people will often turn to their insurance company after they’ve suffered losses from a data breach.  

But consumers first need to learn about the cyber insurance options out there that can help immensely after a hack. For that to happen, insurers need to demonstrate to consumers the relatively inexpensive and valuable coverage that is available to protect them.  

The alternative is for all of us to go back to sending letters by snail mail – or, if a certain lawyer is to be believed, never writing anything down at all.  

People Get Hacked. Insurance Can Help.

get protected.

It’s October – and that means it’s National Cybersecurity Awareness Month.

The National Cyber Security Alliance has dedicated the first week to making homes safe from hacking. And for good reason. Families are increasingly living connected lives: on social media, in video games, and through “smart” home technology like connected thermostats or burglar alarms.

So-called “smart tech” (otherwise known as the Internet of Things) is only getting more popular: three out of five Americans have connected technology in their homes, according to a recent Insurance Information Institute and J.D. Power 2018 Consumer Cyber Insurance and Security Spotlight SurveySM.

Smart tech is convenient and efficient. Why not buy a thermostat that can automatically adjust the temperature to save you money?

Your smart tech can be hacked. But convenience can be costly. Hackers are getting more sophisticated. Your smart security system might discourage burglars – but not hackers. Hackers can use your smart thermostat to attack major websites, which is what happened in several major hacks.

Nearly a third of the smart tech owners surveyed said they have been identity theft victims.

People aren’t covered for cyberrisk. More than four out of five American consumers who own connected devices either lack insurance to protect them from cyberthreats or do not know if they are covered – and over 75 percent said they don’t plan to pay more for cyberrisks coverages.

That’s not great. Cyberrisk coverages are usually fairly inexpensive, sometimes as low as $30 per year. For that low price consumers can often get help for a range of cyber threats, including identity theft, cyberbullying, and ransomware (depending on the individual policy).

Education about cyberrisks is crucial. It’s a simple problem: People often don’t have cyberrisks coverage because they don’t know much about cyberrisks. Which also explains why many cyber-attacks are essentially “user error” – for example, a hacker sends a disguised email and a user clicks on a link, downloading malicious code onto their computer. Or someone buys a smart tech device and doesn’t change the factory password.

Getting educated about the risks of hacking is the first step to protecting your data. The next step is to use security tools. One such tool is insurance.

Insurance helps. Insurers need to make that clear. Whether as an add-on coverage to a homeowners policy or as a stand-alone policy, cyberrisks insurance can help protect you if you’re hacked. But the I.I.I/J.D. Power survey found that many people don’t know about this kind of insurance.

Insurers need to help educate their customers about the cyberrisks they face. Then they can help their customers understand why insurance can be a low-cost tool to protect their identities and assets.

Where To Go For Small Business Cybersecurity Advice

Small businesses are increasingly vulnerable to cyberattacks. A new website launched by the Federal Trade Commission (FTC) is aimed at helping small business owners be better prepared.

The site – ftc.gov/SmallBusiness – is a one-stop shop where small business owners can find information to protect themselves from scammers and hackers, as well as resources they can use if they are hit with a cyberattack.

Online FTC resources include a new Small Business Computer Security Basics guide with information to help companies protect their files and devices, train employees to think twice before sharing the business’s account information, and keep their wireless network protected, as well as how to respond to a data breach.

Specific information on ransomware and phishing schemes targeting small businesses is also provided.

According to the U.S. Small Business Administration, there are more than 28 million small businesses nationwide, employing nearly 57 million people.

Cyberattacks can be particularly damaging to small businesses, and many lack the resources that larger companies have to devote to cybersecurity.

For example, the percentage of spear-phishing attacks targeting small business rose from 18 percent to 43 percent between 2011 and 2015.

Insurance is one of the ways in which small businesses can protect themselves. See I.I.I. resources on cyber liability risks.