Like it or not, cyberattacks are now an expected part of running a business. It’s no longer a matter of if a breach will occur but when. To this end, it’s critical for businesses of all sizes to be prepared—but especially small- and medium-sized businesses (SMBs), as they have become primary targets for threat actors. SMBs often lack the resources of their enterprise-level peers to mitigate and combat the consequences of a cyber event, making it easy for threat actors to find a way in.
Having operated in the SMB space for years, I’ve seen firsthand how security issues can plague small business owners that lack the resources of their enterprise-level counterparts. There’s often a severe lack of visibility into the amount of risk SMBs carry. This is why I took the leap into the cybersecurity industry to help business leaders understand what they can do to protect their companies from some of today’s biggest threats.
While the exact number of cyberattacks on small businesses is difficult to determine (due to many attacks going unreported or unnoticed), it takes only a glance at the latest general breach statistics to grasp the breadth of the problem. According to research from Cisco, a whopping 43% of cyberattacks target small businesses. Moreover, Cisco also found that small businesses spend an average of $955,000 per attack on restoring normal operations—a number that could easily be reduced with the right protection in place. While these alarming numbers are enough to make any business owner second-guess going without cyber insurance, here are a few other reasons your small business should strongly consider shopping around for a practical policy.
Invisible data is impacting your risk factor.

Many small businesses don’t have cyber insurance simply because they lack visibility into the volume of sensitive information they’re responsible for protecting. The cold hard truth is that you probably have significantly more risk than you think. But if you can’t see it, you can’t do much to keep it safe. To make matters worse, a CNBC survey in 2022 found that many SMBs are not concerned about cyber threats. A majority of the businesses that participated in the survey even felt they could bounce back from an attack quickly if they experienced a hit.
Bottom line? Business leaders need to see their sensitive information (the volume and the level of risk it carries) in order to understand file footprints, how many files could actually be taken and how employees are treating those files—which brings me to my next point.
Employee training is not enough.

Did you know nearly a quarter of all breaches are caused by human error? IBM’s 2022 “Cost of a Data Breach” report found that 21% of breaches were caused unintentionally through negligent actions of employees or contractors.
If the volume of your sensitive information continues to grow, it could be an indicator that there’s a lack of accountability for employees to follow cybersecurity best practices. Leverage tools that show you whether people are actually following your guidelines and not just ticking the boxes. Determine how employees will be accountable for contributing to your cybersecurity best practices—and make it an engaging journey. For example, consider gamifying the process by setting employee goals around your company’s policies (e.g., “Zero injuries going on 100 days straight” receives an Amazon gift card).
Brand reputation is tough to repair.

It’s simply a fact that big brands are far more likely to make a comeback than their smaller counterparts. For small-business owners, a cyber incident could mean shutting down shop for good—even if you can recoup the monetary loss, your brand reputation may never be the same. Building customer trust is no easy feat, as any business owner knows, and once it’s been broken, it’s even harder to repair. Have a business plan that includes cyber insurance to help mitigate the effects of a cyber incident and maintain brand trust.
Protect your company with cyber insurance.

When choosing a cyber insurance policy for your business, it’s easy to feel overwhelmed—especially by some of the price tags that come with the larger insurers. Here are some things to keep top of mind when seeking a policy that’s right for your company.
- Take an in-depth look at your current business policy to see what it does and does not cover in terms of cyber insurance. General business policies often carry only bare-bones protection for a cyber incident, meaning that you’re still responsible in the event of a breach.
- Understand the volume of sensitive data your company is responsible for protecting. There are tools that can help you calculate the volume of your risk and attach a dollar amount to how much it’s actually worth. This kind of insight allows you to better negotiate with cyber insurance providers.
- Reduce the volume of your risk if possible. It’s not uncommon for companies to hold onto information that is no longer needed. This could include files like duplicate items and outdated information that isn’t a requirement to keep on hand. Take steps to completely eliminate these files before securing a cyber insurance policy, as it can help reduce the amount of your quote.
- Once you’ve settled on the policy that’s right for you, read it in detail to make sure you know exactly what’s covered. Just like any type of insurance, not all policies are created equal.