Cyber-attacks are on the rise

Recent news coverage of the Equifax data breach has once again catapulted the issue of cyber security into the national spotlight. A breach affecting over 143 million people by a publicly traded company that holds so much personally identifiable information (Social Security numbers, driver’s license data, birth dates, etc.) is newsworthy. However, small business owners should not mistakenly assume that this type of exposure is only applicable to large businesses. Just because it doesn’t make the front pages, doesn’t mean that similar breaches occur to small businesses daily.

50% of US firms do not carry cyber risk insurance

And 27% of executives say they have no plans to buy cyber insurance coverage. This is a surprising statistic considering 61% of the same business owners surveyed expect cyber breaches to increase within the next year.

Why the malaise?

Beyond the idea that “something like this won’t happen to me” small businesses are lulled into a false sense of security because their Business Owner’s Policy (BOP) carries some sort of data breach endorsement. In some sense policy holders have become a victim of the success and convenience of a BOP that combines protection for all major property and liability risks in one package.

Prego.. it’s in there

Don’t assume that every coverage your business needs is included in your BOP. Unlike the classic 80s TV commercial adequate cyber coverage may not be… in there.

While SOME coverage is better than NO coverage, SOME coverage didn’t help one local business owner:

Last March a small medical office in Providence, RI inadvertently downloaded a ransomware virus which encrypted all their patient files. The business owner called his agent weeks later because the costs were quickly adding up.

I could have hired a full-time employee just to deal with this breach…

As a medical professional, the business owner told me he did not have the skill set to prepare for or deal with something like this. He had to cancel and reschedule all his appointments for a full week, he had to hire an IT contractor to try and recover his lost data files, and he had to notify his customers that their medical information may have been compromised. During this time, he still had to pay his employees and cover his overhead with no new income coming into the office. Even after getting the office back up and running, the business income losses and extra expense continued for months.

Like many business owners, this individual figured the coverage was included in his policy. Thankfully his BOP offered coverage that responded to this exposure, but even the most robust endorsements are no substitute for a comprehensive stand-alone policy.

In the end the insured collected the policy limits on two separate data-related endorsements: $5,000 was paid for the physical repairs needed for the hardware and software damaged by the attack and $10,000 was paid for data-related business income and extra expense losses. While $15,000 may seem like a significant claim payment, it was not nearly enough to cover the actual losses:

The audit conducted to calculate the actual business income and extra expense loss showed over a $47,000 in business income losses alone over the two months following the breach.

A hit like this can easily put any small business out of business. Unfortunately, this business owner had to take money out of his savings and retirement to fund the uncovered expenses to avoid closing his doors for good. Can you afford to bootstrap your business if something similar happens to you?

Call us today to find out how the proper cyber insurance coverage could potentially save your business from disaster.