Like it or not, cyberattacks are a routine part of running your business. It’s not if a breach will occur, but when. So, it’s critical for businesses of all sizes to be prepared—but especially small- and medium-sized businesses (SMBs), as they’ve become the primary targets for these threat actors. SMBs often lack the resources of their enterprise-level peers to mitigate and combat the consequences of a cyber event, making it easy for threat actors to find a way in.

Having operated in the SMB space for years, we’ve seen firsthand how security issues can plague SMBs that lack the resources of their enterprise-level competition. There’s often no visibility into the amount of risk SMBs carry. This is why PCG is dedicated to and diligent about helping clients with cybersecurity and cyber insurance. We help business leaders understand what they can do to protect their company data from cyber threats as affordably as possible.

As consumers, we protect our home, cars and family with insurance.  We have a wealth management plan. But as business leaders if we don’t have a plan, we’re jeopardizing our entire livelihood through:

• Data recovery costs
• Interruption in operations
• Legal fees
• Reputation damage

Recent statistics underscore the breadth of the problem:

• 46% of cyber-breaches impact businesses with fewer than 1,000 employees
• Small businesses spend an average of $955,000 per attack on restoring normal operations

These numbers are alarming enough to make most businesses evaluate the need for cyber insurance. When doing so, shop around to find a practical cyber insurance policy that will:

• Mitigate the financial impact of a cyberattack
• Cover costs related to data breaches, legal defense, and more
• Aid in swift recovery so your business can continue operating effectively and cover payroll and revenue loss
• Provide coverage against digital risks, like insurance for physical assets

Often cyber insurance is simply overlooked because SMBs lack visibility into the volume of sensitive information they’re responsible for protecting. The cold hard truth is that you probably have significantly more risk than you think. But if you can’t see it, you can’t keep it safe. The bottom line? Business leaders need to see the volume and level of risk their sensitive information carries to understand file footprints, how many files could actually be compromised or stolen, and how employees are treating those files. This brings us to the next point.

Employee training is not enough

Did you know nearly a quarter of all breaches are caused by human error? Most of these breaches were caused unintentionally through negligent actions of employees or contractors.

As the volume of sensitive information continues to grow, it is imperative that employees have a sense of accountability and are following cybersecurity best practices. SMBs should leverage tools that indicate that training has been effective and that your staff is following company guidelines and not just ticking boxes. Determine how employees can adhere to your cybersecurity best practices and make it part of your company culture so all employees take ownership in protecting your most values asset: your data.

Reputations are tough to repair

For small business owners, a cyber incident can mean shutting down your shop for good. Even if you can recoup the monetary loss, your brand reputation may never be the same. Building customer trust is no easy feat as any business owner knows, and once it’s been broken, it’s even harder to repair. Have a business plan that includes cyber insurance to help mitigate the effects of a cyber incident and maintain brand trust.

Where do I start?

Choosing a cyber insurance policy can feel overwhelmed—especially when looking at the price tags of the larger insurers.  Here’ a to-do list when seeking a policy that’s right for your business:

• Do an in-depth review of your current business policy to see what it does and does not cover. General business policies often carry bare-bones protection for a cyber incident and your “umbrella policy” usually leaves you still responsible in the event of a breach.
• Know the volume of sensitive data your company is responsible for protecting. There are tools that can calculate your risk liability and attach a dollar value to it. This insight allows you to better negotiate with cyber insurance providers.

Closing the cyber insurance loop 

Once you’ve settled on the policy, read it in detail to know exactly what’s covered. Just like any type of insurance, not all policies are created equal. PCG can ensure you have the right cyber services in place and that your policy is aligned with your business continuity plan should there be a cyber breach.

Don’t wait until it’s too late to get cyber insurance. Small-business owners should strongly consider obtaining a policy to minimize the impact of any cyber-related incidents (breaches, leaks, phishing scams, ransomware, etc.).

Those who already have a cyber insurance policy in place, bravo! Now be sure to optimize coverage as cyber insurance premiums increase each year as these threats just continue to grow.

Contact a PCG security expert to learn more about this process.