Not My Business! - Cyber Insurance and how it can protect your assets
It seems nowadays that every week there is another story that pops up on the news about a cyber attack.
Examples include the Colonial Pipeline attack that caused a fuel panic back in May and attacks on the Steamship Authority of Massachusetts, JBS (the world’s largest meat packer), and the Washington DC Metropolitan Police Department. These attacks against U.S. companies and organizations shut down critical infrastructure, create shortages, increase the cost of goods and services, and cost companies millions of dollars.
How much money?
The Colonial Pipeline attack resulted in the company paying a $4.4 million ransom to the hacker group. Although there weren't any major food shortages as a result of the attack on JBS, the company confirmed that it ended up paying an $11 million ransom.
Sadly, ransomware attacks are only one kind of cyber threat facing businesses.
Besides spyware and ransomware attacks, companies can fall prey to man-in-the-middle attacks, wire transfer fraud, and phishing attacks.
Now, as the owner of a small business you might say:
“That will never happen to my business though! We are way too small for one of these things to happen!”
According to reports released this year, one in five small businesses falls victim to a cyberattack, and of those, 60 percent go out of business within six months. The data also show that most small business owners don't have a response plan if they're hit.
“We have cyber insurance in our BOP.”
Most BOP-added cyber insurance tops out at $25,000 in additional coverage, and most policy language is vague or very restrictive about what exactly the policy will cover.
“How much would a claim like that be, really?”
$2.98 Million: The Average Cost of a Data Breach for Small Businesses with Fewer Than 500 Employees
The costs associated with data breaches vary greatly depending on the size of the organization and scope of the attack. Research from IBM and the Ponemon Institute’s 2021 Cost of a Data Breach Report shows that small organizations (those with fewer than 500 employees) spend an average of nearly $3 million per incident. Compare this to the $2.63 million price tag for organizations with 500-1000 employees and the $5.25 million average per-incident cost for organizations with 10,001-25,000 employees.
Why such a high claim cost?
Recovering from a cybersecurity incident will drain your business of both time and money. Every state requires that you quickly notify parties whose personal information was affected. If you don’t, you could face steep fines and penalties.
In most states, you must also investigate and correct the security flaw that led to the breach. The costs of fixing weak cybersecurity can be huge, and they are often the reason why many small businesses have flimsy security in the first place.
But the costs don’t stop there. Expenses can continue to add up months or even years down the road.
With one data breach or ransomware attack, a company is looking at:
Business interruption/lost revenue: Most businesses rely on technology to operate efficiently. But a cyberattack can take down your tech, leaving you unable to offer services or make sales.
Ransom demands: Ransomware attacks are on the rise, along with the size of cyber extortion demands.
Investigating and eliminating security weaknesses: Hiring experts to find and fix a security flaw can cost you big bucks. A forensic examination by a reputable firm can cost anywhere from $200 to $1,500 per hour, according to Zurich Financial Services Group.
Public relations costs: As soon as you learn of a data breach, you need to start damage control. A PR firm can be essential to protect your business’s reputation.
Regulatory fines/penalties: Regulators are cracking down on companies that fail to protect consumer data, no matter their size. Penalties for negligence can range from massive fines to jail time.
Customer notification costs: Following a data breach, you must contact any affected party. Notification requirements vary by state, but costs range from $0.50 to $5 per notice, according to Zurich.
Credit monitoring: Your business will also need to cover credit monitoring services for all affected parties for at least two years. Credit monitoring can cost anywhere from $10 to $30 per individual per year, according to Zurich.
Reputational damage/lost customers: Even with the best PR, your business’s reputation will take a hit after a breach. It’s hard to measure lost business, but expect it to impact your company’s bottom line.
Potential lawsuits from customers or clients: Lawsuits are always a risk after a data breach. According to NetDiligence’s 2019 Cyber Claims Study, the average cost for legal defense was $740,000, while the average legal settlement was $2 million.
To add insult to injury, 43% of small businesses lack any type of cybersecurity defense plan
More than two in five companies that have 50 or fewer employees in the U.S. don’t have any type of cybersecurity defense plan in place. Yes, that’s right. A study by BullGuard showcases a disturbing number of businesses that do not have a plan in place in the event a cyber attack occurs. They’re essentially rolling the dice in terms of securing their data (and that of their customers) from small business cyber attacks.
Now comes the main question:
How much will it cost to protect my business?
As the years have progressed, insurance companies have started to make cyber insurance more of a priority, and as a result premiums are becoming more and more reasonable. In fact, in most cases a small business could be looking at only a few hundred dollars a month.