insight360: The Blog

The Role of Cybersecurity Insurance

A Required Line of Defense for ANY Business


If you own a business, protecting it is always at the forefront of your mind. There are many steps you can take to protect your business. However, sometimes even taking these steps cannot protect your business 100%. When these measures fail, there is usually some sort of insurance to fall back on. The point of insurance is to help "make you whole" when you are the victim of theft or vandalism. Although it's universally accepted that your business's digital footprint is important, most business owners do not understand that insurance is available for your digital assets as well, covering you when you are compromised by a digital threat, such as ransom, phishing, theft of company secrets, and other digital losses/threats.

The simple fact is that it is not a matter of IF you are going to get taken advantage of, but WHEN. This is an important distinction to remember. As your business grows, it becomes a larger target for cybercriminals whose goal is to take advantage of weaknesses in your business's digital profile. Some businesses do not insure themselves even when they are educated about the risks and heavy financial costs of suffering a breach without insurance. Some of the reasons they do this are:

  1. The cost - Good cyberinsurance is a hefty financial investment, and its cost is estimated to rise by as much as 25% annually as different threats arise every year. A basic rule of thumb to help you estimate whether you are in the right spot is for your yearly premium to be 5% of your yearly gross revenues. That may seem steep, but you also must weigh the cost of potential loss of critical information or litigation from private or proprietary sources being breached.
  2. Planning - Clearing the hurdles to being effectively insured is time-consuming, complicated, and confusing if you do not know what you are looking for. However, whatever time you invest now will save you time and money overall.
  3. The human element - Most insurance policies have requirements, including personnel training and changes to habits and previous policies, that can be hard to implement. While it can be hard to "teach an old dog new tricks", the question you should be asking yourself is "Is not training that old dog worth risking losing the house?"

One of the biggest things you may not know is this: you are legally required NOT to pay a ransom if you are put in that position (it opens the door for others to take advantage; think "The USA does not negotiate with terrorists"). Penalties and fines for failing to follow FTC regulations and safeguards can range from tens to hundreds of thousands of dollars, and that is AFTER any financial losses your business has already suffered. Losing a substantial amount of money because a hacker is holding your confidential information or trade secrets hostage is catastrophic to any business.

A BAD GUY?

If you cannot put an experienced IT team on staff to manage this, you will want to reach out to a competent tech security firm to set things up and take care of the daily and monthly tasks for you and your team.

When you look for a team, you want a security-minded managed service provider (MSP) that is familiar with these rules and can not only build the documentation you need to show the underwriters that you have "checked all the boxes", but also put the hardware and software management tools in place to minimize your exposure (and the underwriters' exposure to paying a claim). Twenty years ago, cyber security was in its infancy, and the idea of having cyberinsurance was almost laughable. This is not the case anymore. Ignoring this part of your business can be detrimental, if not catastrophic, to your company's well-being. Cyberinsurance and preparedness are now a cost of doing business that no one can afford to ignore any longer.


Byron does stuff and things and other things. He is married with a dog and daughter.