cyber insurance (small business)

ZWorkLess
Posts: 425
Joined: Thu May 04, 2017 8:13 pm

cyber insurance (small business)

Post by ZWorkLess »

Any small business owners or insurance gurus out there who can coach me on the shopping process for cyber insurance?

Our agent has suggested it, and from my googling, it looks like it's a prudent decision for our business. We're consulting with our IT guy, too, of course (who generally is very on top of security stuff). Anyway, there are so many choices as far as level of coverage . . . various companies, etc. First glance is a choice between a cheap ($250/yr) policy vs much more expensive ($2500/yr) (same company, different things included with differing limits as well.) I'm pretty convinced we need coverage, but unsure how to decide how much to invest in it and what exact details we should prioritize.

Can anyone offer any advice on what to look for, what to avoid, etc?

Background: our company has a couple/few thousand clients, annual revenues around 1.2M, we do take credit cards, but don't store cc info. We do maintain personally identifiable info, but not financial info or SS numbers, etc. We do the PCI compliance thing each year. We have an excellent IT guy and all our data is backed up at least hourly internally but also at least daily in the cloud somewhere. As long as we could still access our backed up data (which we're checking with our IT guy to ensure it is secure from these sorts of attacks), we could likely be up and running enough to operate in 24-48 hours in the worst case that all our computers were disabled, starting fresh with all new computers (run to Best Buy for 1 or 2 to function) and re-downloading our software and data from backups. We could still perform our essential functions even w/o computers for a day or two (have done it once a year or so for some hours at a time when power goes out. It's fine, we just send a bill once the computers are up.) We have full business policy coverage with all the important riders, etc, except this cyber addition that we're now considering details.

Any insights? Thanks!
quantAndHold
Posts: 10141
Joined: Thu Sep 17, 2015 10:39 pm
Location: West Coast

Re: cyber insurance (small business)

Post by quantAndHold »

This being a business question, it’s gonna get locked, but yes, you need cyber. Cyber is also very hard to get right now, at any price. I would contact an insurance broker, and let them do the shopping for you.
Flyer24
Posts: 5233
Joined: Sun Apr 08, 2018 4:21 pm

Re: cyber insurance (small business)

Post by Flyer24 »

Business questions are off-topic for this forum. Topic is locked.
Alex Frakt
Founder
Posts: 11589
Joined: Fri Feb 23, 2007 12:06 pm
Location: Chicago

Re: cyber insurance (small business)

Post by Alex Frakt »

Unlocked. A misunderstanding of the forum policies appears to have arisen in the moderating staff. Questions here are on topic as long as they are "directly connected to your (or your friend's or family's) financial life." For small business owners, all of their business financial issues are directly connected to their financial life.
HawkeyePierce
Posts: 2351
Joined: Tue Mar 05, 2019 9:29 pm
Location: Colorado

Re: cyber insurance (small business)

Post by HawkeyePierce »

I don't have an answer to your insurance question, but there is a big difference between "we have backups" and "we have backups and have practiced restoring from backups".

Work with your IT person to test your backups if you haven't already so you aren't scrambling when the SHTF. And enforce 2FA on all your internal accounts (corporate email, Slack, whatever you use).
lsommerf
Posts: 3
Joined: Tue May 18, 2021 9:49 pm

Re: cyber insurance (small business)

Post by lsommerf »

How affordable is the greater level of insurance for you? If it's affordable, get it. You mention that your systems contain personally identifiable information (PII). Even if this is not financial information or social security numbers, there are legal ramifications and obligations attendant to the unauthorized access or acquisition of such information. You may have backups, but ransomware has grown from a nuisance to a major calamity over the past few years. Ransomware affiliates now exfiltrate the PII you maintain before locking up your systems to engage in a double-extortion. Short answer, every cyber insurance policy is different, but this is not the place to skimp. Especially since it sounds like you deal with payment card information, you should shop around and get the most comprehensive policy that you can afford.
hachiko
Posts: 941
Joined: Fri Mar 17, 2017 1:56 pm

Re: cyber insurance (small business)

Post by hachiko »

I've been pitched these as well. At a high level, the conclusion I came to, in consultation with IT people, is, basically, if you're storing any sort of PII on your own servers (whether it's customers, employees, etc.) you need liability insurance to cover breaches.

Coverage like ransomware coverage often isn't absolutely necessary because there are ways you can significantly minimize risk that tend to not only save money over time, but are also good practices for other reasons, so you should implement them anyway.

Then there's another category that may cover lost profits to the company for stolen proprietary information. One company brought this up but it didn't really apply to us so we didn't really get into any details.

You may also want to make sure your other policies, like D&O policies, cover cyber events (though when I asked about this, every company dismissed it immediately: "yes, no issues on coverage for that").
Made money. Lost money. Learned to stop counting.
gquogue
Posts: 30
Joined: Thu Aug 24, 2017 8:05 pm

Re: cyber insurance (small business)

Post by gquogue »

Speak with your local broker. Ask them to pursue quotes with both Lloyd's companies (which they will obtain by working with one of their wholesale broker partners) as well as with standard US companies (names you will be familiar with). Many brokers won't pursue Lloyd's options because they only earn 10% instead of 15% (the wholesale broker receives the other 5% or more). But many of the Lloyd's companies are offering the broadest terms in cyber. A good trusted local broker will not worry about the extra 5% and just focus on getting you set up well. Ransomware and the costs associated with it are where the bulk of claims $'s come from. Social engineering is another common claim category (i.e., getting tricked into wiring money to the wrong place).