Used to be, hackers would spend most of their time hitting big companies with deep pockets and troves of customer data.
But the times have changed. Launching a hack is as cheap and as easy as never before. Because of this, lots of hackers are playing small-ball by going after small businesses.
Their calculations make sense. A ransomware payout might only be a few hundred dollars, but if hackers can hit hundreds of businesses simultaneously, their ill-gotten loot adds up pretty quickly.
Small businesses know they’re at risk. According to a recent Insurance Information Institute (I.I.I.) and J.D. Power 2018 Small Business Cyber Insurance and Security Spotlight Survey℠, 70 percent of surveyed businesses said that the risk of being victimized by a cyberattack is growing at an alarming rate.
But only a minority have cyber insurance. Only 31 percent said they have cyber insurance – and 70 percent said they don’t have plans to purchase a policy. (Commercial cyber insurance varies across policies but will usually cover expenses incurred from a data breach, like lost revenue, legal costs, and crisis-management.)
Meanwhile, we found that 10 percent of respondents said they have experienced at least one cyber incident in the prior year. To give you some perspective, that’s about the same rate as drivers get into auto accidents.
Imagine getting into an accident and not having auto insurance. It’s an expensive proposition. The same goes for cyberattacks – we found that the average small business cyber losses for the past year were $188,400. That’s a lot of money for a small company to absorb.
As hackers continue to get nimbler, the need for small businesses to have cyber insurance will grow. It’s incumbent on insurers to educate their business clients about the value of cyber coverage.
And the value is there to see: 97 percent of our survey respondents who had cyber insurance and were hacked said that their coverage was good enough to make them whole again.