Common Misconceptions of Cyber Insurance

One of the most challenging issues facing businesses today is cybersecurity. High-profile and recent breaches, such as those at Target, Uber, PowerSchool, and Grub Hub, make all organizations pause to consider the ramifications of a breach and how it could potentially halt a business or, worse yet, cause its demise. Breaches can be costly in terms of reputation damage and can also take some time to discover. According to a recent IBM study, the average time to find a breach is 280 days. Containment of a breach is yet another worry, as that typically takes up to a year. Then, there is the overall financial cost of breaches, which can ruin companies that are ill-prepared for such an event. Our recent articles, Cyber Insurance 101, A Review of Cyber Insurance: Pros & Cons, and Cyber Insurance Vs Cyber Security- Why You Need Both have provided our readers with insights on the need and scope of cyber insurance. Today’s article focuses on five main misconceptions surrounding cyber insurance and our attempts to debunk them. Please read on to learn more about cyber insurance and why you should consider it for your small or medium-sized business.

Myth #1 - Cyber Insurance Is Too Expensive

Many business leaders weigh the pros and cons of purchasing cyber insurance. Unfortunately, many wonder about the benefit of such a purchase if they already have business liability insurance. Far too often, business leaders put off investing in cyber insurance and neglect to consider the cost-benefit ratio and potential financial losses from cyberattacks. The cost of cyber insurance can vary from several hundred to several tens of thousands dollars, depending on the size of your business, annual revenue, and coverage level. But the question remains. “Is it worth it to risk not being covered, if (or when) a breach occurs?” If you still aren't convinced that the cost is worth it, consider that the average cost of a data breach in 2023 for organizations with fewer than 500 employees was a staggering $3.1 million according to the 2023 IBM Security report. One data breach could be the end of a business. The legal fees, customer notification fees, cost to reclaim data or restore data, and loss of revenue could be catastrophic. Cyber insurance can provide the financial safety net needed to recover from such incidents.

Myth #2 - Our Business Is Too Small to Be Targeted

Think your company’s size or lack thereof, protects you from breaches, hacking or cyber attacks? You would be wrong. This dangerous misconception puts small and medium-sized businesses at risk for not having the needed protection of cyber insurance in the case of an incident. You may be surprised to learn that 46% of all cyber breaches impact businesses with fewer than 1,000 employees. (Identity Theft Resource Center- ITRC) Additionally, the most recent ITRC data shows that fewer than 20% of small businesses surveyed managed to remain unscathed in the past year. Cyber attacks have advanced greatly since the days of the “hacker in a hoodie in a basement.” Their sophistication has increased, and many now target small businesses as easier targets than larger companies with robust cybersecurity.

Myth #3 - Our General Liability Insurance Will Cover It

This is a common misconception of businesses that have already invested in general liability insurance for their property. General liability does cover situations like property damage and bodily injury but has limited coverage for damage sustained during a cyber attack. This is like thinking that your car insurance will cover the leak in your basement. You need the right insurance for the right coverage. While your general liability insurance may cover lawsuits and settlements after a breach, it is not a comprehensive cyber policy. You will want cyber insurance that covers direct and indirect financial losses, legal expenses, forensic work completed to find the cause of the breach, client notifications and crisis management support.

Myth #4 - If Your Cyber Security Is Strong, There is No Need for Cyber Insurance

There is a false idea in the business world that if your cyber security practices are top-notch, then cyber insurance is superfluous. The reality is that no matter how much cyber security a company has, no one is immune to a cyber attack. The concept of being 100% protected is false. As cyber-attacks get more sophisticated, (and they are evolving constantly,) businesses need to protect themselves with both cyber security and cyber insurance should a worst-case scenario play out. Even if your IT department is extremely capable and well funded, you still run the risk of a new vulnerability popping up and then where will you be without the protection that cyber insurance can provide? In many cases having strong cybersecurity can even reduce the cost of your cyber insurance policy.

Myth #5 - Cyber Attacks Target Companies with Sensitive Data

Think your company is protected because you don’t deal in sensitive, protected or financial data? This would also be a huge misconception! If you’re thinking that just because you are not a bank, financial institution, e-commerce retail company, or health care provider you don’t have data that should be protected through cyber security or cyber insurance you are sadly mistaken. If your business relies on computers to operate in any way, you need not only a robust cyber security plan but a comprehensive cyber insurance policy as well. This will ensure that if you suffer any downtime or loss of data (even if it isn’t sensitive) you will have the resources and access to expert support to get you back on your feet again. Consider our article on the cost that a ransomware attack could have on a company. This type of attack could cripple your organization with downtime even if your business collects no sensitive data. Have questions about how cyber insurance works or need recommendations on the type and level of coverage you need? Reach out to the Spectra Networks team with your questions, comments, or concerns. We'll be here to assist you and your organization as soon as you call or submit a form.