RealClearMarkets Editorial by Chase Norlin, CEO, Transmosis
As we enter 2022, surviving small businesses continue to be plagued with financial uncertainty. But on top of the pandemic lies another risk, what some experts are calling a “pandemic within a pandemic” for small business: cyber attacks. Research shows that small businesses are the #1 target for cyber criminals, with attacks at all-time highs and an average ransom payout of $177,000. That’s quite a heavy financial risk for small businesses to manage, and in most cases the ransom must be paid.
The digital transformation of how business is done today means that small businesses are carrying a massive amount of financial liability related to cybersecurity threats. Today, 83% of small businesses don’t carry cyber liability insurance and 60% go out of business within six months after a cyber attack. Why? Because small businesses carry three major types of cyber financial liability they are likely not aware of: First Party, Third Party, and Regulatory.
First Party liability refers to the liability incurred when a small business is directly attacked. First-party financial damages include the ransom to be paid, data recovery expense, business downtime and associated loss of revenue, the cost of notifying affected customers and employees, hiring of legal and/or PR firms, and reputational damage among customers that leads to reduced revenue.
Third Party liability refers to damage from connections to third parties (e.g. partners, customers, vendors). Third-party financial damages include legal fees to hire counsel, cost of settlements, civil awards or judgements resulting from a lawsuit, and large partners or customers severing ties.
Regulatory liability refers to breaches that lead to governmental compliance failure and the resulting fines. For example, new privacy laws in New York (SHIELD Act), California (CCPA), and other states impose harsh fines for consumer data breaches even if your company doesn’t reside there. This basically means that if your small business has a customer who resides in any of these states, and your systems are breached and their private information is leaked or stolen, you are financially liable for the damage in the form of fines and penalties. Regulatory liability also refers to compliance failures due to security breaches that result in harm to consumers (e.g. HIPAA compliance).
When you add up these hidden liabilities, it’s painfully clear that small businesses carry significant financial risk when operating in our new digital world. And insurers are increasingly trepidatious, with many now requiring stronger technologies and liability safeguards against criminals taking advantage of these new digital and human vulnerabilities. Making matters worse, the pandemic and new work-from-home models have made it easier for cyber criminals to attack small businesses for financial gain.
COVID-19 has forever changed the small business landscape, and cyber criminals know it and have become relentless. Evidence shows that these criminals don’t discriminate; they target even the smallest of businesses because these organizations have fewer resources to mitigate their risks.
Fortunately, small businesses are increasingly prioritizing cybersecurity and cyber liability insurance to mitigate their risks. And cyber liability insurance policies have responded to these new challenges, providing coverage for attacks of all kinds. But not all cyber liability policies are created equal, putting much of the onus back on the small business owner to educate themselves on seemingly foreign definitions and concepts. Additionally, navigating the appropriate technology to defend against cyber attack, and ensuring that, if breached, the policy will pay out on the claim, is increasingly complex.
The solution, and a major trend in the industry, is to work with companies that integrate both cybersecurity technology and liability coverage into one solution. This makes deployment easier and faster, but more importantly ensures that any breach that results in a claim is likely to be settled. In essence, cybersecurity is becoming more about insurance, and insurance is becoming more about cybersecurity. This promising trend will help small businesses protect themselves in an increasingly hostile digital future.