With cyber attacks increasingly targeting businesses of all sizes, a growing number of small businesses are protecting themselves with cyber liability insurance designed to help them deal with the aftermath of a data breach.

By providing financial support and services to help small businesses deal with aspects such as customer notification, data restoration, business interruption and other effects, cyber liability insurance can play an important role in helping a company survive a data breach or online attack.

Many small businesses tend to underestimate their cyber-related risk exposure as well as the associated expenses, but smaller companies are increasingly targeted by hackers because their defenses may not be as sophisticated. In addition, smaller companies are often attacked by hackers looking to breach the larger companies that include small businesses as suppliers and service providers.

Cyber liability insurance has become a staple for larger companies over the past decade, and as insurance companies get a better understanding of the risk, more underwriters are willing to provide coverage for smaller and medium businesses.

One leading insurance broker estimates less than one in five small businesses have cyber insurance, compared with nearly three quarters of large companies.

Interest among smaller companies is also increasing because more large organizations are requiring the smaller companies they do business with to have cyber-related insurance.

Because cyber liability coverage is newer than forms of insurance with extensive claims history, such as workers comp or property damage, coverage and premiums can vary from insurer to insurer. This variation makes it important to work with your insurance agent or broker to find the best policy for your needs.

Coverage Basics

While coverage will vary, most policies are designed to provide protection against several short- and medium-term costs should a policyholder experience a cyber breach:

• Risk assessment and management services to help companies reduce the chance they’ll be targeted.
• Business interruption coverage to restore income that is lost when a business can’t serve customers immediately after a cyber attack.
• Expenses related to ransomware or similar fraud events.
• Customer notification services if a company is required to alert customers their data has been compromised. Most states have notification requirements, but because those requirements are different among the states, coordination can be complex and expensive.
• Data recovery services to try to restore data from compromised equipment or applications.
• Investigation costs to determine the cause of a data breach.
• Legal fees if the company is sued or faces regulatory inquiries after a cyber attack.

Understand Your Risk

A good starting point is speaking with your agent or broker and asking what would happen if your company experienced a cyber attack. Some general liability or business owner policies may provide enough coverage for your company’s needs, while other policies may specifically exclude coverage for cyber-related losses. Understanding the protection you have already is important in evaluating your cyber insurance needs.

From there, you’ll talk about your company’s risk factors including its industry, client base, the types of customer information you have, any regulatory requirements to safeguard data (common in financial services, health care and other industries), whether you do business internationally, and other variables.

Coverage terms and premium costs will differ among carriers, so it’s important to get several quotes before making a selection.