Contrary to popular perception, small businesses are not too small to be targets of cyber-attacks. Most criminals are looking for the path of least resistance, not the “big score”, and that path typically takes the form of small businesses who don’t believe they are targets and aren’t properly prepared. According to the National Cyber Security Alliance, 60% of small and mid-sized businesses that experience a data breach go out of business within six months.
The Reality of a Data Breach
According to research from IBM’s 2019 “Cost of a Data Breach” report, US based firms face an average cost of $8.19 million per cyber-attack. The average response time to contain a breach is 279 days, but those able to shorten their response window to under 200 days saved an average of $1 million—this is especially important as small business typically take longer to detect a breach, which can result in significantly higher fines.
In 2017, the average cost of a stolen record was $148, and in 2018 that average increased to $160. With rising fines, that cost has been calculated at $242 per stolen record in 2019 and that average is expected to rise year over year. Additionally, for businesses that experience a breach, there is now a 30% chance of experiencing another attack in the next 24 months.
The costs of a data breach will span multiple years. Only about half the costs are seen in the first year. About a third of the costs come in the second year in the form of re-architecting, security monitoring, and additional remediation. Other unaccounted for costs include paying lawyers to ensure the business is in compliance with all breach laws in their jurisdiction, continued monitoring, forensic analysis, etc. The time required to implement the proper protection protocols after a breach can take up to five years.
What is Data Breach Insurance?
Data breach insurance helps to protect business owners against the costs associated with having personal data compromised. This insurance is for more than just cyber-attacks, it also protects against internal failure, human error, and corporate espionage. Coverage includes money for:
- Legal Consultants
- Forensic Services
- Consumer notification
- Credit monitoring
- Fines and Penalties
- Lawsuit Defense and Settlement
Generally speaking, this type of insurance covers the expenses a business has to pay when consumer information is compromised or lost. There are multiple options for small business owners to acquire data breach coverage or cyber liability insurance, usually as a rider on a general liability policy.
Not all data breach policies include coverage for cyber liability, meaning that a digital hack may not be covered so a combination of data breach and cyber liability coverage may be required to fully protect against lawsuits, fines, and public relations issues.
The coverage is typically composed of two parts to tailor the coverage for small businesses.
The first part is the Response Expense Limit—this is the total amount paid by the insurer once a data breach is discovered. This would cover things like forensic services, customer notification, and mitigation steps to prevent further damage. For small businesses, the average payout cap has a range of $10,000 to $500,000 based on the selected coverage. The second part is the Defense Expense Limit—this is the amount the insurer pays after for after-attack damages. This will pay for the cost of litigation, regulatory defense, and fines. The payout cap has a range of $50,000 to $500,000.
In selecting a coverage plan, small business owners should take into account the total number and type of customer records they maintain, as well as the potential fines based on type of business, regulatory standards, and area.
Data Breach Insurance Costs
While this will vary slightly based on location, type of business, etc, a rider for specifically for a data breach could be added to an existing commercial general liability policy for about $100 in addition to the premium. A more comprehensive policy that includes cyber liability is typically $1,000 to $3,000 annually.
For 2019, the chart below offers a general idea of costs.
|Policy Type||Liability Coverage Amounts||Typical Starting Annual Premium|
|General Liability Insurance Data Breach Rider||$1 million for general liability $100,000 for the rider||$400 + $100|
|Business Owner’s Policy Data Breach Rider||$1 million for the BOP $100,000 for the rider||$500 + $100|
|Cyber Liability Insurance||$1 million||Cell_Content|
The Insurance carrier will conduct an underwriting assessment for business operation, claims history, and overall risk before finalizing premium costs.
Top Data Breach Insurance Providers
The following providers are highly ranked for small business data breach and cyber liability insurance.
For more information please click here: The Hartford
For more information please click here: Hiscox
For more information please click here: CoverWallet
For more information please click here: Travelers
For more information please click here: CNA