Cyberattacks are rapidly becoming a more prevalent problem for SMBs. The Verizon 2020 DBIR found that 28% of the breaches they observed involved small business victims. This is down drastically from their 2019 DBIR, where 43% of the breaches they observed involved small businesses. The drop isn’t due to a lack of cybercriminals; it is due to SMBs practicing better cybersecurity hygiene.

While we don’t consider cyber insurance to be part of better cybersecurity hygiene, it’s becoming more popular in an age of remote workforces, which can jeopardize organizational networks. As an MSP, we’ll be the first to admit that even if a company uses all the recommended safety nets for cybersecurity, everything from MFA to firewalls to email filters, your network can still be breached by internal bad actors, resulting in either data loss or further damage being targeted towards your clients.

For the average SMB, the financial burden of a breach is overwhelming, which is why more and more SMB owners consider cyber insurance. But is it really worth it?

What Does Cyber Insurance Cover?

Cyber insurance can range drastically in coverage and price depending on the type of policy you take out, but the commonalities between all of them are first party and third party coverage.

First party coverage typically covers the financial damages of downtime, data recovery, and investigation services. While it is generally thought to only apply to damages from breaches, cyber insurance can also cover internal failure, such as unexpected hardware malfunctions that create downtime or data loss.

Third party coverage typically covers the legal fees and damages suffered by your clients due to a data breach you experienced. The extensiveness of third party coverage varies widely based on the price of the policy, because third party damages can be the most costly if multiple clients or partners are affected.

Many policies will focus on one party more than the other, so it’s important that you fully understand the purpose and the reach of the policy before agreeing to it.

How to Find the Policy That’s Right for You

Shopping for cyber insurance can be overwhelming, especially when you have no idea what key things to look for at what price point. Here are some things you can do to help get you on the right path:

1.   Outline Necessities

Identify what is most important to you when it comes to coverage. One thing to think about is whether you only want coverage for external attacks, or whether you want coverage for internal failures as well. You should also consider the potential damage your clients would suffer as a result, and adjust your policy accordingly.

2.   Ask How to Get Better Rates

As with most other types of insurance, insurance companies will give you a better rate on your policy for certain good behaviors. These items vary from insurance company to insurance company, but some examples include having a managed services partner, backing up data offsite, MFA, and cybersecurity training for employees.

3.   Control Your Data

One of the most important factors in cyber insurance underwriting is the number of times you access, modify, transfer, and store the information that your business requires to function. You can control the flow of costs while also scoring better rates on a cyber insurance policy by being smarter with your company’s data.

4.   Work With Your Current Carrier

The carriers that already know your business are ideal to work with when it comes to shopping for new policies. While your carrier may very well not offer cyber insurance themselves, they can typically refer you to a cyber insurance company that they believe might be a good fit.

Even if the company they’ve referred you to isn’t the right fit for your business, it’s a great starting point. It’s a good reason to contact a representative and ask more specific questions about price and coverage for your business.

So, Is It Worth It?

IBM reports that the average cost of a data breach in 2020 is $3.86 million. They estimate 67% of the cost comes within the first year, 22% in the following two years, and 11% comes after the first three years. AdvisorSmith Solutions Inc estimates that the US average cost of cyber insurance was $125 per month for $1 million in coverage with a $10,000 deductible.

Not every business is the same, so it can’t be said whether a generic cyber insurance plan is worth it. However, for SMBs that modify, access, and store significant amounts of PII (personally identifiable information), the coverage is arguably worth it.

Need Somewhere To Start?

While KLH, Inc does not offer cyber insurance policies, we are an MSP that knows what cyber insurance companies give better rates for, so you can secure and cover your SMB at a discounted rate. Contact us at 952-258-8200 to find out more about how we make technology work for you.