Why Cyber Insurance is Crucial to Today’s Businesses

The digital revolution has changed business forever.  Across all sizes and industries, companies are turning to electronic storage for their records.  Billions of people worldwide are connected by internet access, opening the door to business opportunities that didn’t exist a decade ago.  By 2022, world data will more than triple, and half that data will be stored in the cloud.  Perhaps more dramatically, 2020 events caused a work from home revolution, allowing 70% of Americans to perform remote work during that year.

Despite all the benefits these changes bring to companies and their workers, they also create prime conditions for one major threat: rising levels of cyber crime.  As more people and companies gain internet access, the opportunities for malicious actors to extort them grows.  With more people conducting business online, risk has increased exponentially.  Data gets shared across multiple apps and cloud services, offering cyber criminals even more opportunities to steal it.  IT departments are less able to protect against security weaknesses in workers’ homes than they would be from an office.  Furthermore, remote workers are more likely to use personal devices, which rarely meet appropriate security standards when handling company data.

The world of cyber crime is large and growing rapidly.  If cyber crime were a country, it would boast the third largest economy in the world. Ransomware is the most common form of cyber attack, and its prevalence is increasing at an alarming rate.  In 2020, a person, business, or device was attacked by ransomware every 10 seconds.  That is a 50% increase over previous years.  By 2031, a business, person, or device could face some kind of cyber attack every 2 seconds.

Meanwhile, the costs cyber crime incurs on legitimate actors is mounting.  The damages due to ransomware alone increased over 7,000-fold in the latter half of the 2010’s.  In 2015, damages due to ransomware amounted to $24 million.  By 2020, that value was $170 billion.  The global, anonymized nature of cyber crime makes it difficult for legal authorities to prosecute cyber criminals.  Ample opportunity combined with near-impunity makes for fast proliferation of the cyber criminal lifestyle. 

Even corporate giants can’t assume they are safe from cyber crime.  This year, Acer was attacked for $50 million, the largest reported ransom demand from a cyber attack.  While Acer didn’t pay the demand, meat processing giant JBS Foods gave in to their hackers, delivering the largest reported ransom payment to the tune of $11 million.  It is official policy for the FBI to discourage paying the ransom to hackers, but affected businesses often feel they have little choice.  Ransomware and malware can do serious damage to company operations, putting the affected business between a rock and a hard place. 

Yet while the largest corporations may not be entirely safe from a cyber attack, they often have confidence they will survive one.  Meanwhile, small to midsize businesses (SMBs) rarely possess that level of assurance.  For them, cyber attacks are a common, often fatal occurrence.  In the past year, 66% of SMBs fell victim to at least one cyber attack.  Of those hit with a data breach or hack, 60% go out of business within 6 months of the attack.  These two figures together spell tragedy for thousands of SMBs worldwide.

Why are SMBs so vulnerable to cyber crimes?  As many as 45% of SMBs recognize their cyber security systems are ineffective, and this may be an underestimate.  Even security “best practices” are falling short in recent years.  Common protection tools like 2-factor authentication and “strong” passwords are still vulnerable to hackers.  Around 80% of IT leaders say their company lacks sufficient protection to prevent a cyber attack, and 77% of their organizations don’t even have a response plan they can follow in the case of an attack.  This lack of preparedness levies tragic consequences on SMBs.

If a single cyber attack is successful, a business can lose everything.  The money they lose goes beyond ransom or extortion; replacing and repairing infected devices is expensive.  When systems are shut down in an attack, revenue-producing operations screech to a halt.  Not only is a business losing money, but its revenue stream is dammed temporarily.  In the longer term, a business’s reputation suffers from being the victim of a digital burglary.  Customers don’t want to shop with businesses that can’t keep their data safe.  A shrinking customer base is a recipe for bankruptcy.

How can businesses of all sizes avert this tragic fate?  Better cyber security may prevent future attacks, but it doesn’t help businesses recovering from past ones.  To that end, businesses should invest in cyber insurance.  For SMBs, a normal cyber insurance policy covers up to $1 million in damages.  For the purpose of cyber insurance, “damages” are defined broadly.  Coverage includes profit losses from reputation damage or halted operations, liabilities that come out of contract penalties and media fines, and lawsuits of the class-action and regulatory investigation variety. 

It is worth noting that coverage does not include physical property, long-term profit losses, stolen intellectual property, or (increasingly common) ransom payments.  Ransom payments are growing increasingly unaffordable for insurance companies and often put insurers at odds with US laws that forbid payments to sanctioned individuals and/or jurisdictions.  Despite these gaps in coverage, more businesses are turning to cyber insurance as their lifeline.  The digital world has numerous dangers associated with doing business.  Successful businesses protect themselves from danger.