Technology has long made accounting easier, from the first adding machines to electronic spreadsheets to today’s cloud computing ecosystem. While recent advancements have allowed business owners and their accountants to collaborate efficiently from any location, they also created a growing cybersecurity risk that cyber insurance can help manage.
Cyberattacks Threaten All Organizations
According to a 2022 survey commissioned by CyberCatch, 75% of small and medium-sized businesses (SMBs) could only survive three to seven days if they suffered a cyberattack.
Big businesses are frequent targets, and their security breaches tend to make headlines. But smaller businesses are easier prey for cybercriminals because they lack the complicated security infrastructure that larger businesses maintain.
The cost of a data breach can be devastating for small businesses. A data breach costs SMBs, on average, $101,000, according to Kaspersky’s IT Security Economics Report for 2020. That cost includes detecting and shutting down the attack, recovering lost data, notifying third parties, legal expenses related to the breach, and lost business.
Cloud accounting is more secure than having all your business’ accounting data on a desktop or device because providers typically deploy top-of-the-line security features. However, any system — cloud or otherwise — is only as strong as its weakest link. It only takes one user falling victim to a social engineering attack, using a weak password, or opening a malware-inflected attachment to give cybercriminals access to your payroll records, vendor and customer lists, bank account numbers, and more.
Manage the Risk with Cyber Insurance
Cyber insurance has become an increasingly important risk management tool for businesses. This insurance policy provides businesses with various coverage options to help recover from data breaches and other security issues.
While the exact coverages vary from policy to policy, cyber insurance typically covers two broad categories of losses:
- First-party losses. These are losses impacting the business due to a cyber incident. According to the Federal Trade Commission, first-party coverage typically covers costs related to:
- Hiring legal counsel to determine legal and regulatory obligations after a breach
- Recovering and replacing lost or stolen data
- Notifying customers and other third parties
- Lost income due to an interruption of business activity
- Public relations and crisis management
- Paying a ransom to have stolen data restored
- Forensic services to investigate a data breach
- Paying fees, fines, and penalties stemming from the incident
- Third-party losses. These are losses that result from a third party bringing a claim against the business. It typically covers costs related to:
- Paying customers affected by the breach
- Settling claims and paying legal expenses relating to disputes or lawsuits
- Litigating and responding to regulatory inquiries
- Forensic accounting costs
Like any insurance policy, cyber insurance policies have exclusions. Typical cyber policy exclusions include lost future profits, the lost value related to intellectual property theft, and the cost of upgrading security after a data breach.
How to Buy Cyber Insurance
Most major commercial insurance carriers offer cyber insurance coverage, so reach out to your agent or broker to get a quote. But keep in mind while cyber insurance is increasingly essential coverage for most small businesses, it can also be difficult — and expensive — to buy. According to Marsh, a New York City-based insurance broker and advisor, cyber insurance premiums in the U.S. increased by an average of 96% from 2020 to 2021.
Following a few IT security best practices can reduce your risk and improve your chances of getting coverage at an affordable price. Those best practices include:
- Requiring strong, unique passwords and multi-factor authentication on any network or system that can be accessed remotely.
- Ensuring your company has backups of all crucial systems and databases.
- Regularly installing software updates on all devices, applications, and networks.
- Educating employees about basic cybersecurity and how to spot common schemes.
- Having a secure, encrypted WiFi network and ensuring employees working from home encrypt their networks.
As technology evolves, so will your exposure to various types of cyber-risks. While cyber insurance coverage can be a critical part of managing those risks, it doesn’t replace security best practices. Take the necessary steps to protect your business to a better chance of minimizing your exposure.