According to a 2022 survey by the Canadian Federation of Independent Business (CFIB), nearly half of all small businesses in Canada (45 per cent) had experienced a random cyberattack in the past year, while 27 per cent experienced a targeted attack. The threat is real, and as artificial intelligence (AI) tools find their way into criminals’ hands, attacks could increase in frequency and sophistication.
Many small businesses assume their current commercial general liability or property insurance policies cover cyberattacks, but they don’t always. Data may not be considered tangible property, and might be excluded under a property policy. Financial damages arising from corruption of electronic data, a computer virus or malware, and ransom attacks may not be covered under traditional liability policies. For those risks, a cyber insurance policy could help.
What is a cyber breach?
Cyber breaches – also known as data breaches – happen when unauthorized individuals view or access sensitive company data such as employee, client, or customer documents, files, and payment systems. Criminals can sell the data to others, hold it for ransom, or use it to commit identity theft.
A few types of data cyber thieves may target are:
- Computer, server, and network login credentials, including account numbers, usernames, and passwords
- Sensitive personal information such as names, addresses, birthdates, as well as phone, passport, and social insurance numbers
- Financial information such as credit card or bank details
- Personal health records
- Intellectual property such as confidential research, patents, and trademarks
Common cyber threats
Phishing – Phishing refers to “lures” hidden in links within emails from fraudsters impersonating well-known companies or contacts in an individual’s email list. Users who click on the links are lured into giving away sensitive data or are directed to websites infected with malware.
Whaling – A phishing attack targeting or impersonating a CEO or business leader to gain admin-level access to an organization’s computers, servers, or network.
Malware – Short for malicious software, malware is any code or program created to harm a computer, server, or network. Viruses, worms, trojans, bots, adware, spyware, and ransomware are just a few examples of malware. Malware can get onto your device when you open or download an email attachment as part of a phishing scam, when you illegally download movies or games, and while you surf or download content from legitimate websites infected with malware.
Password attacks – These use automated tools to speed up the guessing and cracking of passwords, combining them with usernames easily guessed across a company or obtained through previous malicious attacks.
Ransomware – A type of malware that prevents individuals, companies, or organizations from accessing computer files, servers, or networks until a ransom is paid for their decryption.
How much could a cyber breach cost your business?
Beefing up cybersecurity can be daunting, and hiring cybersecurity contractors or personnel to set up and monitor your cyber defences might seem cost-prohibitive, but not locking down your data could be vastly more expensive. In a 2021 cybersecurity poll by the Insurance Bureau of Canada, 41 per cent of small businesses who suffered a cyberattack said the breach cost them more than $100,000.
Why does a cyber breach cost so much?
When a hacking or ransomware incident occurs, not only will your data need recovering, but your reputation and balance sheet might as well. Whether you pay the ransom demand or not, you may need an IT team to perform a number of tasks including forensically identifying and removing the malware, recovering your data (assuming you have backups), re-installing and running malware scans on all software and hardware, setting up new security protocols on your computers, servers, and network, recreating your user accounts, and assigning new passwords. Depending on how widely the cyberattack or ransomware compromised your IT infrastructure, the process could take several days to weeks.
If you don’t have business interruption insurance, the inability to generate revenue during this time could strain your finances or threaten the well-being of your business.
What is cyber risk and data breach insurance, and what does it cover?
This type of cyber insurance is designed to help protect small businesses from certain losses associated with privacy or cyber breaches. Suppose a document containing personally identifiable customer information is lost, a device containing sensitive information is breached, or your business gets hacked. Cyber risk insurance could help cover the cost of incident response (including data recovery and network repair).
TruShield customers can also access support services provided by CyberScout, a leading data risk management service provider. CyberScout can offer advice about proactive measures to protect your business from cyber threats, and in the event of a breach, they can provide response assistance such as crisis management, client or customer notification assistance, and media relations advice.
TruShield also gives you access to CyberScout’s website, which provides encryption guides and templates to help you form an incident response plan.
How much does cyber insurance cost?
The cost of cyber insurance varies, depending on your company’s:
- Industry and sector
- Services offered
- Number of employees
- In-office, remote, or hybrid work model
- Annual revenue
- Amount and type of client or customer data stored
- Security systems already in place
- Employee training on cybersecurity
- Previous liability claims
You can save money on small business insurance by proactively managing cyber and data risks, educating employees, and bundling policies. Don’t play into the hands of hackers and leave your business reeling from cyberattacks and data breach losses.
Six things small businesses can do to help protect their business from cyberattacks
You can take preventive actions to secure your data and demonstrate to insurers that you’ve mitigated day-to-day cyber risks for your company. According to Microsoft’s 2022 Digital Defense Report, businesses of all sizes can protect themselves against 98 per cent of cyberattacks by simply implementing security practices like the ones below.
- Have an IT professional or team implement a cybersecurity solution for your business and website. This can be done using affordable tools and includes setting up firewalls, automated software updates, malware scans, and removal of malware on all owned and non-owned digital devices used by employees (including Internet modems and Wi-Fi routers). If you can afford it, create a Zero Trust Architecture, which continues to check, validate, or restrict users’ permissions as they access different tools and more sensitive data.
- Use strong passwords, update them frequently, and implement multi-factor authentication (MFA). Even if hackers crack login credentials via phishing, password guessing, or malware, your data can be better protected because criminals lack the final step in account authentication.
- Restrict access to and protect sensitive data. Allow employees to access only the data they need to do their jobs and encrypt all sensitive data so that it can’t be used even if it’s compromised.
- Back up your data at least weekly, store it in the cloud, and set up Data Loss Protection (DLP) tools. DLP software monitors and protects data while it’s stored on digital devices, in the cloud, and as it moves through email programs and networks to and from third-party suppliers, clients, and customers. DLP can also provide reporting for compliance, auditing, and cyber breach response.
- Educate employees about the importance of cybersecurity. Keeping your workforce up to date on cybersecurity best practices can lead to a safer and more secure data infrastructure.
- Assume the worst will happen and develop a response plan. If your cybersecurity is breached, having a plan in place will help you and your employees navigate the situation.
Because TruShield Insurance is an insurance provider specializing in insurance for small business entrepreneurs, you can be confident that it understands the needs of your business and carries the insurance products to cover you. With TruShield, you’ll have access to a 24/7 claims support team, risk management resources, and exclusive cost-saving customer perks. Call us today at 1.844.429.9480 or access our secure quote tool for a quick estimate of your policy needs and costs.
This blog is provided for information only and is not a substitute for professional advice. We make no representations or warranties regarding the accuracy or completeness of the information and will not be responsible for any loss arising out of reliance on the information.