Most large companies are able to financially survive a cyberattack. But for a small business with fewer employees and less revenue, a data breach can bring business to a halt, and costs associated with the recovery can run a bank account dry.
Ransomware, a type of malware designed to render data or an entire network useless, is one of the most common ways hackers will try to extort money from small businesses. Typically, the victim will have to pay the attacker in exchange for a decryption key, which can cost anywhere from a few hundred to a few thousand dollars, depending on the industry and whether a cyberforensics team is needed.
“When you factor in the additional cost, particularly of the forensics work, now you might be talking about $20,000 to $50,000 in cost, depending on the extent of the network and the nature of the attack. That number can be much bigger if you’re in the health care space,” said Michael Carr, a certified information privacy professional (CIPP/US) and technology practice leader at Argo Group International.
Eighty-nine percent of breaches overall this year had a financial espionage motive, according to the Verizon 2016 Data Breach Investigations Report. It is estimated cybercrimes will cost businesses more than $2 trillion each year by 2019, according to data from Checkmarx, a company specializing in application security.
Despite the lurking threats, many small businesses still don’t have cyber insurance coverage, said Carr, who has been involved with the industry for more than a decade.
“[Cyber insurance] started off as a very niche product aimed at people with a significant web media or e-commerce presence, which 12 years ago was not most small businesses,” Carr said.
Carr recommends small business owners purchase cyber insurance for multiple reasons, mainly because cyber losses may not be covered by traditional insurance policies. He says the ever-expanding industry now covers “any kind of liability arising out of network security perils,” as well as data restoration costs, business interruption, regulatory fines, ransomware demands and obligations to third parties.
“The people underwriting your commercial general liability coverage are looking at you in terms of product safety and the risk of slip and falls in your retail store,” he said. “They’re not underwriting your network at all… so cyber policies really fill the gap between what your traditional insurance policies cover.”