A TruShield Insurance poll found that more than three quarters of Canadian small businesses operate without cyber insurance. Here are four cyber risk facts on protecting your business from serious “bytes”.
According to Ginni Rometty, IBM’s Chairperson, President and CEO, “…Cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world.” Bleak words from a large multinational corporation, but we wanted to get a view on what small businesses think about cyber risk. To find out, we polled hundreds of small business owners and decision makers from coast to coast, and it turns out that 77% of them don’t have cyber insurance.
“You can’t research your way to an effective response plan. Executing a recovery strategy as soon as you get hacked will mitigate the negative impact on your business from a financial and reputational perspective,” explains James McDowell, Blackberry’s Cybersecurity Director. An effective response plan should include cyber insurance coverage. Insurance can help cover some of the costs that may result from a cyber hack, including the cost of hiring the various professionals necessary to best execute a business’ recover strategy following a cyberattack.
65% of businesses that we polled aren’t very confident that they could survive a cyberattack. What can you do to be better prepared for a cyberattack against your business? Here are four cyber risk facts that can help your business recover from scary hacks and serious “bytes”.
You should back up all of your data regularly.
33% of Canadian small businesses we surveyed don’t back up their data at least once a week. That may not seem like a lot, but considering how beneficial and easy it is to perform a back-up, that 33% should be a lot closer to zero. How often you back up your data directly correlates to how vulnerable your business is after a cyberattack.
Let’s say your business falls victim to ransomware which locks you out of your own data, and the hackers responsible are attempting to ransom it back to you. If you happened to back up all your information a day before the cyberattack, your business would be in a better position to pick itself back up while you deal with the ransom issue. However, if you last performed a backup one month ago, there’s a greater chance that you’ll be locked out of important data, making it much harder for your business to resume operations. Ideally, your backed-up data is recent enough that you don’t even need to pay the ransom to get your locked data back. Instead, you can simply proceed with your backup version.
All customer data needs to be protected, including non-financial info.
Our research found that of the Canadian small businesses we surveyed that aren’t protected by cyber insurance, only 9% store their customers’ credit card information. On the other hand, more than half of those same non-insured businesses collect non-financial customer data such as phone numbers and email addresses. Even though businesses may be more likely to protect customer data of a financial nature, the reality is that all customer data is worth protecting equally. This is because hackers don’t need financial information to seriously damage a person’s finances.
We repeat: hackers don’t need financial information to seriously damage a person’s finances.
If a cyber criminal obtains credit card information, how long is their window of opportunity to use it for illegal activity? While it could take a month or two for customers and companies to realize a card was compromised, odds are the card gets cancelled quickly and has a relatively short shelf life. However, what if that same hacker got access to names, emails and home addresses, then checked online sources such as social media sites to gather enough personal information to commit identity theft? That kind of crime can take victims years to recover from.
Scenarios like the one above highlight some of the reasons that businesses have been hit with class-action lawsuits after their data was breached, even though none of the compromised information was finance related. Speaking of which…
Class-action lawsuits aren’t the only bad thing that can happen to hacked businesses.
Canadian small businesses seem well aware of the devastating impact a class action lawsuit can have on their company. Almost three quarters of the businesses we surveyed without insurance aren’t confident they have the financial resources to survive a class action lawsuit that may result from a cyberattack.
Sure, a class action lawsuit might end up being the biggest repercussion a business experiences from a cyberattack. However, if a business’ customer data gets leaked to the public and the customers impacted decide not to file a class action suit, does that mean the business is in the clear? The answer is: absolutely not.
Cyberattacks, even without class action or other lawsuits, can severely damage a company’s reputation. Existing and potential customers may distance themselves from the hacked business as a precaution. Enlisting reputation-management professionals to handle the crisis can be a significant cost, and they aren’t the only pros you’d need to hire either. Recovering your compromised data from the cyber criminals and restoring it to your systems isn’t something you’ll want to do alone, even if your business is tech-savvy. And since it may take a while to get a business back up and running after a cyberattack, the amount of potential revenue lost during that process can quickly add up.
In short, lawsuits are a risk to businesses that have undergone a cyberattack but they aren’t necessarily the only one, as other risks can be quite problematic as well.
If you store electronic data, cyber risk and data breach insurance is important to have.
The most common way the Canadian small businesses we surveyed justify not getting cyber insurance is that they “never really thought about it”. The second-most common justification is “I don’t think we need it.” The reason cyber insurance is worth considering is because it can help a business with every nightmare scenario mentioned above. If you forget to back up your data and experience a cyberattack, you’ll be glad you have insurance. If hackers get a hold of your customer data, financial or otherwise, you’ll be glad you have insurance. If you need to hire a reputation-management professional after your business gets hacked, insurance can help you cover the costs.
The reality is that any business, regardless of their size or resources, can be a few mouse clicks from getting cyberattacked. Thankfully, a cyber insurance policy to protect you is also just a few clicks away—and that’s a fact.
This blog is provided for information only and is not a substitute for professional advice. We make no representations or warranties regarding the accuracy or completeness of the information and will not be responsible for any loss arising out of reliance on the information. Terms, conditions and exclusions apply to coverage. See policy for details.