Businesses of all sizes can be vulnerable to cyber attacks. Whether you're looking for tips to secure your business or resources to help you recover in the event of a breach, having the right cybersecurity plan in place can pay off for your company.
Small business. Big cybersecurity risks. We’re continuing to see cyber threats impacting growing companies at an alarming rate. Forty-six percent of all cyberattacks now affect businesses with less than 1,000 employees, according to Verizon’s Data Breach Investigations Report. Combined with the startling IBM report that noted 60 percent of those businesses close their doors within six months of an attack, we know that cyber is a winner-takes-all kind of risk. Yet, many small businesses do little or nothing to protect themselves with cyber insurance.
Why are small businesses big targets?
It’s helpful to understand the reality behind the statistics. Small- and medium-sized businesses are a popular target because they tend to have poor cybersecurity compared to their larger counterparts. Many attackers want money, so small businesses are more likely to pay to recover. Others want access to data—and small businesses have that, plus access to larger partners and vendors.
Many small business owners think they are flying under the radar and are too small to be targeted, but phishing schemes and ransomware are crimes of opportunity, and even a few hundred dollars of ransom is profitable for cybercriminals.
The case for cyber insurance
With new, next-gen attacks using artificial intelligence technologies to study and replicate human behavior for sophisticated phishing schemes, businesses of every size are being compelled to protect their company, employees, and data. And a natural starting place for many small-to-medium businesses is cyber insurance.
Cyber liability insurance protects the business from the high costs associated with recovering from a data breach or malware attack at a relatively low price point. Recovery costs may include ransom payments. But, also the technical resources needed to recover lost data and restore system access, communication with stakeholders, lost productivity due to the breach, and reputational damage.
While insurance can make the difference between closing your doors and surviving a cyberattack, it isn’t a complete solution.
The one issue with cyber insurance
Cyber insurance may help your business recover from an attack. But it does little to fight off attackers in the first place.
Today, most insurance policies require basic cyber hygiene to qualify for coverage, such as having practices and plans to keep sensitive data organized, safe, and secure, with more advanced security helping to lower rates. Companies are allowed to self-attest their cyber protection. But, insurance companies are beginning to ask for objective evidence that controls are being met if marked implemented on a questionnaire.
A recent article from Insurance Journal explains how one insurance company refused to pay out the policy after it determined that the company filing the claim didn’t actually follow its cybersecurity plans, allowing an attack to happen.
A complete solution for companies of any size includes cyber insurance, cybersecurity protection, and employee training.
A three-step plan
Anyone running a business knows there are certain operational requirements. Cybersecurity now joins traditional tasks like running payroll, obtaining internet access, and purchasing office supplies. Developing and maintaining comprehensive cybersecurity practices is a must for any company that has customers, data, or employees. In other words, every company.
Because small business owners tend to wear many hats and involve themselves in core business activities, they often view cybersecurity as a challenge. But it doesn’t have to be.
I’ve outlined a three-step plan for small businesses to establish a cybersecurity baseline and prepare for cybersecurity insurance coverage.
Step 1: Assess your cybersecurity posture.
Start by making a list of all hardware, software, and online applications your business uses. Analyze the list for security vulnerabilities. That might include how you dispose of old and unused equipment or how often you install software updates. It could also include what password guidelines are used and how often you back up data. Additionally, whether employees connect to work systems remotely.
Step 2: Create a basic cyber hygiene policy.
With insights from your assessment, write out a set of practices (the rules, procedures, personnel, and schedules) to maintain good cyber hygiene. Minimally it should include:
- Passwords: Complex passwords, changed regularly
- Software updates: Updating all software you use regularly and installing security patches when released
- Hardware updates: Computers, smartphones, and other mobile devices need firmware updated regularly.
- Management of new installs: Anything new that connects to your systems or internet access needs to be documented and installed properly. Employees should not download apps or connect to new accounts without permission.
- Limit users: Only those who need admin-level access to programs should have access.
- Back up of data: All data needs to be backed up to a secondary source (such as a hard drive or cloud storage) to ensure its safety in the event of a breach or ransom.
- A cybersecurity framework: Select a framework used by your industry or available from the U.S. government, like the NIST cybersecurity framework, to guide more advanced security standards. Even if you aren’t fully compliant with all guidelines right away, these frameworks can help you focus your plans and security investments.
Step 3: Do your insurance homework.
All cyber insurance policies are not created equal. Compare rates and coverage and ask about factors that lower rates. You may be able to get a lower insurance rate simply by switching on multifactor authentication for your email accounts or completing online training classes! So, look for policies with valuable benefits, like cyber investigators helping during an attack or legal aid to determine your liability to customers and vendors.
Cybersecurity is for every business, and cyber liability insurance has quickly become an important part of protecting the country’s small businesses. While the threats will continue to be challenging, preparing your business to face them is feasible with sound cyber hygiene practices.
This article was written by Derek Kernus from Small Biz Technology and was legally licensed through the Industry Dive Content Marketplace. Please direct all licensing questions to email@example.com.
This article is licensed content that was created by a third party not affiliated with Santander Bank, N.A. (“Santander”). This article is for promotional purposes only. Santander does not provide investment, business, financial, accounting, tax, or legal advice, and the content of this article does not constitute investment, business, financial, accounting, tax, or legal advice. Santander does not make any claims, promises, or guarantees about the accuracy, completeness, currency, or adequacy of any content. Santander expressly disclaims all express and implied warranties of accuracy, completeness, currency, or adequacy of the information and content in this article. Readers should consult their own attorneys or tax or other advisors regarding the applicability of any referenced information, or financial or other strategies to their own unique circumstances. This article does not necessarily reflect the views or endorsement of Santander. Please note that third-party websites may have privacy and security policies different from Santander; please review the privacy and security policies of such websites.
Santander Bank, N.A. is a Member FDIC and a wholly owned subsidiary of Banco Santander, S.A. ©2023 Santander Bank, N.A. All rights reserved. Santander, Santander Bank and the Flame Logo are trademarks of Banco Santander, S.A. or its subsidiaries in the United States or other countries. All other trademarks are the property of their respective owners.
Have a question about this article? Ready to realize the big potential for your small business? We can help.
To connect with a Santander Relationship Banker, schedule an appointment or visit a branch near you.