Cyber Education - 10 Facts That Sell Cyber Insurance
The more a business knows about data breaches and cyber exposures, the more it appreciates the value of Cyber insurance. Every year new studies offer the latest facts and insights. We highlight the latest findings that can lead to more informed Cyber insurance decisions. Do you have all the facts?
Each year businesses experience more security incidents and data breaches. This trend is not limited to any type of business. The number of breaches grew by 60% (or more) over a two-year period, and nearly 150% in four years.
Just because the Main Street business breach did not make the national news does not mean it did not happen. Small businesses are victims of data breaches all the time. Where the size company was known, 59% of the breaches involved small companies.3 Other studies have found small businesses range up to 70% of all targeted companies.
Public reports are replete with news of apartment applications left in a closet, laptops stolen from cars, patient files found in a dumpster, and emails sent to the wrong people. Roughly one-quarter of all breaches arise from low-tech acts of negligence.4 An asset is lost over 100 times more frequently than it is stolen.5 A small business need not be a crime target to suffer a breach.
Hacking/Malware is now the number-one cause of breaches, overtaking unintended disclosure/human negligence. Hacking/Malware is behind 32% of all breaches, and as much as 67% is in the retail and hospitality industries. It often begins with just an employee clicking on an email attachment that launches malware.
One implication of greater breach complexity is greater response costs. The forensic cost per record is $170 for malware/hacking, compared to $134 for human error.7 The $134-per-record cost for a lost laptop or wrong attachment is still substantial for a small business owner.
Almost every state - 47 plus D.C. and Puerto Rico - has a law mandating prompt investigation, reporting and customer notification of a breach.8 Some state laws give businesses a limited number of days to act. A company cannot afford to ignore a suspected breach or lose time researching response services; otherwise, it risks violating the law and incurring fines.
The median cost of a small business breach is $32,500 for companies with less than $50 million in revenue.9 The average cost is nearly double. That’s a lot less than the millions spent in Fortune 1000 company breaches, but it's probably more than a local shop or restaurant has handy.
Up to 40% of suspected breaches do not require notification.10 The lost information may not be the type protected, or a forensic investigation determines that no personal data was breached. This outcome is great, but it still takes legal and/or forensic help to make this determination. A business owner does not need an actual breach to incur significant costs.
A small business owner might pay $100–$150 (more or less) for basic Cyber insurance protection.11 The cost is a fraction of what was paid for a general business policy. In most cases no application is necessary for a basic policy. For low premium, the insured receives breach response services and a defense to liability lawsuits. One hour of forensic or legal help will cost the insured more.
Consumers have expectations of the businesses they frequent, particularly after a breach. Nearly 85% of consumers expect to be notified promptly. Also 63% want identity theft protection and 58% look for an offer of credit monitoring.12 Cyber insurance policies provide these important services so you can focus on your business.
With the facts, agents and small business owners can understand the value of a Cyber insurance policy. Cyber risks change quickly, and so do the insurance products tailored for small businesses. Let us know if we can give you the latest facts about Cyber risk and insurance products for your book.