Cyber security insurance is more important now than ever. The multiple high-profile data breaches filling the news over the past year have illustrated a changing landscape in the digital world. You’ve probably heard about large companies, retailers, schools or hospitals that have paid massive ransoms, only to be left in the dust without the data they were promised they would get back – and forced to recover it through other means.
However, it is important to realize hackers aren’t only going after the biggest, juiciest targets. As Tim Quinn of Quinn Insurance, a Prime Secured partner, points out, the media doesn’t like to cover the millions of personal data thefts that happen annually. “Ask the credit card industry what the total dollar amount is of smaller fraudulent claims,” he said. “It’s billions of dollars. The media likes to sensationalize the big ones, but the small ones add up.”
Most importantly, we want Prime customers to know that every computer has the potential for a costly breach. Automated hacking programs running across the world are constantly pinging every computer they can find, looking for vulnerabilities and amassing profiles of data on you, me and everyone else. They don’t care if they only hit a vulnerability once in thousands of tries.
It’s like an opportunistic thief trying car doors in a parking lot to see if they’re unlocked—the hackers are checking thousands of doors a minute. Even if you don’t think you’re a likely target, you can’t protect yourself just by keeping your head low. Even if the hacker doesn’t get anything out of you in the end, they could still cause incredible damage to your business.
You may not have thought about using cyber insurance before. Especially if your company is small, you might think you’re not in danger of losing much. But the reality is that cyber-attacks are becoming more frequent. To avoid unnecessary losses, you need to actively protect your digital property, and cyber insurance can help.
The Costs of a Breach – Even for Your Organization
Many people don’t understand exactly how much a data breach could cost them. Even if you don’t incur any direct financial damage from fraud or extortion, the costs associated with being hacked can be astronomical.
For starters, federal law requires you to inform everyone affected by any breach—and that means everyone. You’ll have to determine everyone who was affected and how to contact them. Depending on your situation, this investigation can cost several times more than any ransom a hacker asks for.
In one example, a single individual working remotely for a small company forgot to turn on two-factor authentication. It took hackers less than a day to find the vulnerability, and soon they had full access to all the employee’s emails. Tens of thousands of them. In the end, the hackers didn’t get anything else, but it cost the company more than $20,000 to pay for the investigation and notification costs.
While it may not have been an eventful day for the criminals, it was devastating for the small company because they didn’t have cyber insurance—and that $20,000 price tag was from an attack where the hackers didn’t manage to get anything directly. Obviously, it’s even worse when they succeed.
Paying a Ransom is No Guarantee
A hackers only goal is to squeeze everything they can out of you. Even if you pay a ransom, there’s a good chance they won’t return your data. They might not even know how! Once the money is in their hands, they have no incentive to communicate with you further. They already got paid.
In fact, studies have shown less than 10% of victims in ransomware attacks get all their data back after they pay. Less than 30% even get half of what they lost. More and more companies affected by these attacks are choosing to pay up in hopes of getting a quick solution, but the statistics are clear: giving into demands won’t put an end to your woes.
Unfortunately, there’s no easy way out. And losing that data could potentially cripple your company, requiring months of work to make up for lost time and possibly putting an end to professional relationships. Your clients and customers may not feel safe working with you, or they may simply have to move on to using another company while you recover. Most companies simply don’t have the war chest they need to sustain themselves after a loss like that. It’s important to understand that these attacks are common and to make sure you’re protected.
Cyber Insurance Can Protect You From the Crippling Loss of a Cyber Attack
Of course, having secure systems is the first line of defense against these attacks. But the world of cyber security is ever shifting. Hackers are constantly developing new techniques to circumnavigate your defenses. And even if you have the best technology available, hackers can go through employees who are fooled into thinking the hacker is a trusted person or someone who has leverage over them.
You can never be completely sure you won’t become the victim of a successful cyber-attack. But with a comprehensive cyber insurance plan, you can be confident your company will survive if the worst happens. Depending on your plan, insurance can cover any direct financial losses but also cover the cost of forensics, lost business, and recovery of lost data.
"At the end of the day, we want to make sure businesses remain solvent if they sustain an event that affects their ability to operate,” Quinn explained. “We want them to be able to keep going, and for most organizations that’s worth the price of insurance. Everybody should have some kind of coverage.”
There are a wide variety of different options for cyber insurance coverage, but these are some of the most common that can be purchased separately or as part of a package:
Your plan will be tailored to you and your company’s needs, depending on your biggest risks and concerns. Cybercrime is complicated and can involve many kinds of damage, so there are many more options for coverage.
Secure Systems are a Must for Cyber Insurance
While cyber insurance can keep your company afloat when disaster strikes, it can’t keep you safe by itself. It’s important to have systems that are as well-protected as possible even when you’re insured.
Besides the obvious benefits of making a catastrophic event less likely, if your systems are secure, you’re likely to get a much more affordable quote from the company providing your cyber insurance. In fact, most providers are unlikely to cover a company that doesn’t at least have some of the basic defenses such as Multi-Factor Authentication (MFA) and Endpoint Detection Response (EDR).
These protections are necessary because insurance providers know how high the risk of an attack is. But a company that values its digital security should have these protections either way. It’s far better to avoid suffering a damaging attack in the first place.
Protect Yourself from Cybercrime Before Disaster Strikes
Ransomware and other cyber attacks are becoming more and more frequent as hackers adapt to automated tools and scraping the internet for data. On average, 4,000 ransomware attacks occur in the U.S. every single day. The big crimes make the news, but you don’t hear about the majority of attacks, which are carried out on individuals and small organizations.
“They’re hitting a billion IP addresses looking for vulnerability. We are under constant attack,” Quinn said. “That’s what’s going on here, and it’s morphing fast. But you can’t see, feel or hear it. It’s just a rogue silent ‘killer.’”
Unfortunately, many people don’t realize how devastating a cyber attack can be to their company until it happens to them. And many smaller organizations make the mistake of thinking they’re safe because they don’t have intrinsically valuable data to target. But even if hackers don’t get anything out of it, you still could suffer catastrophic losses. The reality is, every organization should be prepared and have a plan in place before an attack happens.
If you want to learn more about cyber insurance or have questions about how you can best protect your data and your company, visit Prime Secured. Prime works daily with experts such as Quinn Insurance and our own staff of IT security engineers. We can help you protect your digital property.