Cyber risks for small businesses – and how cyber insurance can help
Cyberattacks pose an increasing threat to small and medium-sized businesses. Yet, according to a Northbridge Insurance study, many small business owners don’t consider cyberattacks or data breaches to be a significant threat.
In fact, the three-year study of 800 Canadian businesses across various industries — conducted in partnership with Leger — found that businesses have become less concerned about cyberattacks over time. That’s due in part to a common misconception that cyber criminals are only interested in large corporations.
Yet, nearly half of small businesses (45 per cent) experienced a random cyberattack in the previous year, according to a 2022 survey from the Canadian Federation of Independent Business (CFIB). And 27 per cent of small businesses experienced a targeted attack.
Any business that has a website, processes transactions, or stores customer data is at risk — regardless of size — and could be held liable if data is lost, stolen, or compromised.
What cyber risks can your business face?
Smaller companies are often easier for cyber criminals to target since they don’t have the same in-depth defense measures in place as larger companies do, such as network firewalls, two-factor authentication, and fraud protection tools. They may even be targeted as a weak link for hackers to gain access to larger vendors or customers.
These incidents can have major financial impacts, resulting in lost revenue and productivity, as well as unexpected costs related to breach response and recovery. There could also be costs associated with notifying customers that their data has been lost or compromised. Subsequent reputational harm could have long-term impacts, such as the loss of customers.
Cyber breaches — also known as data breaches, leaks, or spills — typically involve stealing data, which can then be held for ransom, sold on the dark web, or used for identity theft. A data breach could go unnoticed for weeks or months; on the other hand, cyber criminals could threaten to sell or disclose sensitive data.
These attacks are becoming increasingly sophisticated, thanks to the use of generative artificial intelligence. Some examples of cyber risks include:
Phishing: A form of social engineering in which cyber criminals send fraudulent emails or text messages designed to manipulate employees into downloading malware or sharing sensitive data. This can lead to data loss, identity theft, and ransomware attacks.
Whaling: Another form of social engineering in which an employee receives a fraudulent email from a cyber criminal posing as their manager, requesting sensitive data (such as login details to the company’s customer relationship management system).
Ransomware: If a cyber criminal breaches the network, they can then encrypt data so employees can no longer access it — unless a ‘ransom’ is paid, usually in the form of bitcoin. However, even when the ransom is paid, there’s no guarantee the cyber criminals will decrypt all of the data (and they may still sell some of it on the dark web).
Denial-of-Service (DoS) attack: This occurs when a cyber criminal floods the network with so much traffic that it can’t respond or it crashes, meaning employees and customers can’t access services such as email, online accounts, or websites.
Not all data breaches are related to a random or targeted cyberattack. For example, if an employee is rushing to a meeting and accidentally leaves their briefcase in a taxi — with paperwork containing confidential customer information — that could lead to a data breach.
What is cyber insurance and how does it work?
When it comes to cyber insurance, some small business owners don’t think they need it, especially if they don’t use a lot of technology. Or they may think it’s too expensive. But even the smallest of businesses are at risk of loss.
Oftentimes, that loss is much more expensive than insurance coverage. In fact, cybercrime and fraud (including phishing and extortion) cost Canadians more than $500 million in 2022, according to the RCMP.
Cyber risk insurance is designed to help protect small businesses from certain losses related to cyberattacks and data breaches, such as incident response expenses, data recovery expenses, and public relations services.
For example, if your business is hacked and personally identifiable customer information is stolen, cyber risk insurance can help with the costs of legal claims, network repairs, and public relations so you can get back to business as quickly as possible.
Cyber safety for small businesses
In addition to coverage for cyber risks, TruShield Insurance customers have access to support services provided by Cyberscout, a leading data risk management service provider. These services include consultation on proactive measures to protect your business from cyber threats, as well as reactive assistance if you suffer a breach — through services such as crisis management, notification assistance, and media relations consulting.
TruShield customers also have access to Cyberscout’s website, which provides data protection tips, data breach regulations, encryption guides, and templates to help create an incident response plan.
Regardless of size or industry, cyber coverage adds another layer of protection against business risks — and should be considered a key ingredient in your small business insurance policy.
Protect your business with a tailored cyber risk insurance policy
The reality is that any business could be the victim of a cyberattack. Our team can work with you to make sure your policy addresses your cyber risks. Visit our cyber risk and data breach coverage page to get started!
This blog is provided for information only and is not a substitute for professional advice. We make no representations or warranties regarding the accuracy or completeness of the information and will not be responsible for any loss arising out of reliance on the information.