Small businesses today face a higher risk than ever with Cyber security issues creating a day-to-day struggle. According to Travelers Insurance, 43% cyber attacks specifically target small businesses. Hacker groups prefer small businesses because there are rarely designated IT teams ensuring the firewalls are robust and updated, making them a soft and easy target.
Cyber and data endorsements are attractive to some small business owners because they’re relatively cheap, and can be added to their existing policy without additional underwriting. However, as technology continues to advance, so does its implementation within businesses. That’s what make cyber endorsements so attractive to add on to a business policy. Unfortunately these endorsements do little more than provide a false sense of security to small business owners facing massive risk.
Let’s look at how these endorsements are inadequate, and why Cyber Insurance in 2020 should be purchased as a stand alone policy by all small businesses.
Liability Limits Fall Short With Add-On Policies
Most often when businesses opt to add the Cyber Libality endorsement to their general business policy, they think they’re protecting themselves, but don’t realize how far short they are when the time comes to financially recover from an attack. Endorsements typically have a starting point of $50,000 aggregate limit for the primary coverage, but they sublimit other necessities such as Forensic IT Review, Legal and Public Relation Services, PCI Fines, Business Income, and other costly expenses associated with a breach. A common sublimit is $5,000, and this could evaporate quickly in the event of a claim.
Let’s consider some statistics when calculating how far this coverage falls short:
- The average cost for a small business to recover after a cyber attack exceeds $1,000,000 (Security)
- The average cost of a malware attack on a company is $2.6 million. (Accenture)
- The average cost per lost or stolen records per individual is $141 (Ponemon Institute’s Cost of Data Breach Study)
Many Exclusions in an Endorsement Vs. Actual Cyber Insurance Policy
Every cyber & data endorsement varies depending on the carrier. Still, some common coverages fall short compared to a “true,” stand-alone cyber liability policy.
Here are a few of the most common to recognize when evaluating your Cyber Insurance coverage:
- Extortion – including any threat, blackmail, or ransom payment is frequently excluded in cyber & data endorsements. Example: A hacker breaches the network of a business and holds their data hostage unless a ransom is paid. Many cyber & data endorsements will not cover the costs from this.
- Sublimits – are often scheduled. Endorsements typically have a starting point of $50,000 aggregate limit for the primary coverage, but they sublimit other necessities such as Forensic IT Review, Legal and Public Relation Services, PCI Fines, Business Income, and other costly expenses associated with a breach. A common sublimit is $5,000, and this could evaporate very quickly in the event of a claim.
- Communications & Media Liability – is often not included in a cyber & data endorsement. This is coverage for plagiarism, unauthorized use, and infringement of a copyright or trademark. This also includes defamation and slander related to reputation or character of an organization.
- Unencrypted Data – a claim involving unencrypted data that was transmitted electronically is typically excluded. While it is generally best business practices to encrypt data at all times, coverage will not be triggered on most endorsements due to a compromise of unencrypted information.
- Social Engineering – is usually a coverage not included in a cyber & data endorsement. Social Engineering is the act of manipulating people to make actions or reveal confidential information. This coverage can also be added to a crime policy.
A Cyber Insurance Policy is an Easy Solution
Separating your Cyber Insurance coverage from your general business policy is the best solution for small business owners. Luckily these policies are comprehensive, address the many complexities that come with responding to and recovering from a cyber attack. They are also relatively inexpensive and provide tools to evaluate your risk to attack in real time, helping your IT professional keep you as safe as possible.
Contact us to see how quick and easy it is to protect your business from financial calamity by talking to one of our cyber insurance experts. We can provide a quote and coverage quickly and have multiple options to fit your individual needs to the correct policy.