Cyberattack & Small Business Risk

Courtesy of iii.org
More than half of U.S. small- and medium-sized businesses (SMBs) experienced a cyberattack within the past year, yet only 14 percent of businesses felt prepared and protected, according to a recent white paper from the Insurance Information Institute (I.I.I.).

The white paper, Protecting Against #Cyberfail: Small Business and Cyber Insurance, examines how insurers are addressing the threat cyberattacks and data breaches pose to SMBs through a combination of innovative insurance products, risk management techniques and employee training.

“Insurers foresee substantial growth coming from the SMB segment, as these companies become aware of the possibilities of liability, especially a breach and resulting response costs arising out of the possession of private data,” said Sean Kevelighan, chief executive officer, I.I.I.

The vast majority of cyber insurance claims involved the loss, exposure, or misuse of sensitive personal data. About half (48 percent) of the data breaches of U.S. small businesses in 2016 were caused by either a negligent employee or contractor, according to the Ponemon Institute.
U.S. insurers reported collecting $1.35 billion in direct premiums written for cyber insurance in 2016, according to the National Association of Insurance Commissioners. Stand-alone cyber insurance policies accounted for $921 million of that total (68 percent), while the balance came primarily from endorsements on either a small commercial or businessowners policy (BOP).

Typical cyber-related policies cover the costs arising from either a cyberattack or a data breach, such as responding to lawsuits, repairing damaged infrastructure, and paying the ‘ransom’ demanded by cyber extortionists, among other potential exposures, such as business interruption expenses.

“Creating an affordable product that SMBs will be willing to buy is a key component in the insurance offering. Since different industry sectors represent different levels of exposure, pricing will vary depending on the type of SMB,” the white paper, co-authored by James Lynch, the I.I.I.’s chief actuary, and the I.I.I.’s Claire Wilkinson, a consultant, states.

The I.I.I. has a full library of educational videos on its YouTube Channel.