A Tale of Two Businesses at the Hand of Cyber Criminals: Are You and Your SMB Customers Adequately Protected?

Cybercrimes are on the rise, but most small and midsize businesses (SMBs) aren’t properly covered. Adding one crucial cyber insurance policy can help SMBs protect against losses from cyber breaches.

Imagine if a hacker withdrew $250,000 from your business’ account in less than 24 hours. Or a hacker succeeded in a ransomware attack that froze up your business’ operations.

That’s what happened to two businesses last year. Fortunately for one, their cyber coverage made them whole. Unfortunately for the other, their lack of cyber coverage almost bankrupted their business.

> Great Northern Docks in Naples, Maine, lost $249,000 when a cybercriminal used a fraudulent website to transfer funds from the business’ account.[1] At the time, the company only had a commercial business General Liability policy, which doesn’t cover funds transfer fraud (FTF). Once notified of the online scam, Great Northern Docks’ bank claimed they were not responsible for recovering the full amount stolen because their security protocol had been followed, but they were able to recover some of the funds.?

While their bank was able to halt the transaction of $66,000 before it was fraudulently transferred through the cyberattack, the crisis cost Great Northern Docks $218,000 in unrecovered funds, associated legal fees, the hiring of forensic specialists and the purchase of new IT infrastructure.

> MI Metals in Oldsmar, Florida, had quite a different experience with a ransomware attack. After discovering the attack, MI Metals contacted their cyber insurance provider, which sent experts to assess the damage. Ultimately, the owners rejected the attacker's demand for $2.4 million in bitcoin after insurance experts determined that no sensitive information was compromised.

Since MI Metals had cyber insurance, the attack had minimal impact on the business financially. In fact, their insurance provider covered $180,000 for forensic experts, attorney fees, hard drive replacements and new software.

Unfortunately, Great Northern Docks’ story may be more common than that of MI Metals. As many as 76% of SMBs experienced at least one cybersecurity breach last year.[2] But, the reality is only 52% of small businesses currently have cyber coverage, compared to 75% of larger businesses.[3]

What does cyber insurance cover?

?Too many SMBs don’t have cyber coverage. And for those that do, only one-fifth of organizations have over $600,000 of coverage, which may not be enough for a significant ransomware event or a data breach that involves victims across multiple states.[4] This leaves many businesses with a costly insurance gap.?

Almost two-fifths (37%) of SMBs with cyber insurance wouldn’t have enough coverage for ransomware payment demands, while 43% aren’t covered for secondary costs such as court fees or employee downtime post-breach.[5]

A strong cyber insurance policy will include the following:

1. An IT Forensics Investigation. A specialized investigation occurs post-data breach to determine the details behind how and why you’ve been breached and helps ensure any subsequent attack will be blocked. This is critical to every business’ continued viability post-breach.
2. Privacy attorney + representation expenses. A privacy attorney is necessary to help you properly notify the federal and state governments of a cyberattack, and protect you against potential lawsuits. Each state has its own notification laws that you’ll have to comply with. Notification laws follow the state in which the breached individual lives, regardless of where your business is domiciled.
3. Regulatory fines and penalties. Both state and federal agencies can impose various fines and penalties on companies in the event of a breach. These are in addition to restoration costs and can add up quickly.
4. Credit card and ID theft monitoring. Consider offering a credit freeze and fraud alert post-breach for at least a year to make it difficult to open accounts in a victim’s name.[6]
5. Public relations (PR) and communications. Notifying the media, stockholders, clients, vendors and customers post-breach is key to mitigating reputational harm both internally with employees and externally with customers.? Having a media team that understands this and has experience with it will be key in the rush to salvage your business’ reputation in the aftermath of the breach.

Armed with the right coverage, SMBs can protect themselves. This October, during Cyber Security Awareness Month, let iBynd help you find the right coverage against cyberattack incidents. Contact iBynd to learn more about embedded cyber insurance.

|DISCLOSURE This information is intended for informational purposes only. All insurance statements and examples made herein are subject to the terms, conditions, and exclusions of the applicable insurance policy. Coverages and features may not be available in all states. Eligibility is subject to the applicable underwriting criteria set forth by the insurance carrier.|

References:

1. The Wall Street Journal “Small Businesses Struggle With an Increase in Cyberattacks,” June 7, 2022.

2.? GlobeNewswire “SMBs Reach a Cybersecurity Tipping Point as Rising Attacks Boost Reliance on MSPs, According to Research from ConnectWise,” August 10, 2022.

3. The Wall Street Journal, 2022.

4. Sophos “The State of Ransomware 2022,” 2022.

5. Sophos, 2022.

6. Federal Trade Commission “Data Breach Response: A Guide for Business,” February 2021.