As cybercriminals threaten businesses large and small, more owners are opting for insurance protection.

Cybersecurity lapses make headlines when big companies fall victim to malware and ransomware. Yet every day small- and medium-sized businesses are crippled by cyberthreats that never make the news. Some business owners are turning to cybersecurity insurance for protection.

Prevention is always first, but it doesn’t eliminate the risk

Preventive cybersecurity practices are the first line of defense against phishing, ransomware and payment diversion fraud but there’s no guarantee that they’ll stop every threat.

Almost half (41%) of U.S. small businesses experienced at least one cyber-attack during the past year reports the insurer Hiscox. The median cost of each attack in 2023? $8,300.

Cybersecurity insurance mitigates risk

Faced with more attacks each year, some business owners are protecting themselves with cybersecurity insurance. While coverage doesn’t prevent cyber-attacks, it helps businesses recover and mitigate damages after an attack.

What cybersecurity insurance covers

Coverage varies by insurer, but Hiscox says policies often cover:

• costs associated with responding to a data breach, including the cost of notifying those who may have been affected
• ransom demands and cyber extortion
• cybercrime, including social engineering and funds transfer fraud
• lost business income and data recovery
• expert assistance in responding to a breach and containing the damage.

Another insurer, AmTrust Financial, reports that policies can also cover:

• indemnification for legal fees and expenses
• option to monitor the information of anyone impacted for a specified period
• costs incurred in the recovery of compromised data
• costs for repair of damaged computer systems

What cybersecurity insurance doesn’t cover

Like many other insurance products, cybersecurity insurance won’t cover deliberate wrongdoing by the business or its employees. In addition, the U.S. Chamber of Commerce notes that none of the following are covered:

• criminal proceedings, including criminal prosecution claims like grand jury proceedings or criminal investigations
• lost, stolen, or transferred funds other than what is specifically covered by a policy
• interrupted or failed infrastructure, such as a loss of power
• prior knowledge—if you knew about a threat before purchasing a policy, a claim won’t be covered

Thoroughly read an insurer’s policy before buying cybersecurity coverage.

What does cybersecurity insurance cost?

Business size, annual revenue, industry, and how much sensitive data is handled are all factors in in determining premiums for cybersecurity insurance. Small business pay on average $145 per month or $1,740 annually, according to Insureon.

Who needs cybersecurity insurance?

All businesses are at risk for cyberthreats but those at greater risk include those that:

• conduct business online
• accept digital payments
• collect and store sensitive customer/patient information
• use mobile devices to access business data

Additionally, municipalities that conduct business online are at risk. At Consumers, our dedicated team helps ensure municipal banking services stay secure.

 

Federally insured by NCUA