“It will never happen to me.”
“My cousin handles all of my IT for free.”
“Insurance is a scam.”
Have you or anyone you know ever uttered these words? We now live in the digital age where cyber attacks are a reality. Most small business owners think that they are immune because they’re small, but the truth is that they are the prime target. They leave their information and their customers’ information wide open to hackers or disgruntled employees. It’s just a fact. So how does the small business owner protect their business, their customers’ information, and preserve their reputation? Insurance, cybersecurity, and creating an emergency plan.
Why get insurance …
Insurance is a financial risk management tool. You pay a little now so when something goes wrong you don’t have to pay a lot later. A substantial loss will tank most small businesses if they don’t have coverage or appropriate coverage. Your insurance representative should be able to explain the coverages you have, the coverages you need, and be able to explain the ‘hows and whys’.
But it’s expensive …
The average first-party cost per customer record is a reported $73-$188. Keep in mind that if there are lawsuits, there will be court costs, attorney fees, damages to pay, etc. Not to mention the loss of your reputation and, worst of all, the end of your business.
With that in mind, Cyber Liability Insurance is a way to reduce the amount of money coming out of the business should a hack occur. The insurance company is there to help you with the claims process including providing defense and notifying your clients, customers or patients that their information was compromised. Did you know you’re responsible for helping them fix their credit and taking care of any fees they incur because of a hack on your company?
Yes, insurance and cyber security procedures cost money. Think of it as a cost of doing business. When in doubt, start getting quotes. You’ll be surprised at how relatively little these policies can cost, especially compared to the potential costs of a breach without insurance. Find a broker who has access to multiple companies because they represent you, the client, rather than a particular company, and they can do the shopping for you.
I don’t need to tell anyone, and I can’t get sued …
It’s essential to know the state laws around this. Signed into law in September 2018, Colorado House Bill 18-1128 states that a business operating in Colorado has 30 days to notify its customers of a breach, no exceptions, and no extensions. If more than 500 people are affected, you also must notify the Colorado Attorney General. If a breach occurs, you could be open to civil and criminal charges.
Your insurance adjusters are there to help you with arranging your defense, notifying your clients, and the overall damage control. But you have to have the coverage in place before anything happens!
Ok, how do I get started?
Take some time to create an emergency plan. It’s important to know what to do before anything happens. Below is a general guideline, but work with your insurance representative to custom-tailor a plan for you and your business.
- Work with a third-party IT firm to ensure your systems are appropriately protected
- Train your employees on social engineering tactics and appropriate record handling
- Create a crisis procedure: who to call, who speaks on behalf of the company to the media, who handles social media posts. Then test it.
- Have a standardized employee hiring process, and know how to immediately restrict employee access to data (Let’s face it, sometimes employees are the most significant risk)
- Find an insurance representative you trust. Having the right coverage in place before an event is crucial, and you need to work with someone who understands insurance and has a desire to protect business owners from the what-ifs in life
Once you have your insurance set up, your cybersecurity in place, and a working emergency plan, you’ve greatly reduced the probability that a loss will happen. But one thing you can never eliminate is the possibility of it happening. Insurance and cybersecurity are a cost, but nothing compared to the cost of operating without them. Just like the tightrope walker who performs without a net, you may think you’re good to work without paying for these services. Don’t be the business that goes splat because you operated without protection!
Guest post courtesy of Melanie Clay with Six & Geving Insurance in Colorado Springs