trending Market Intelligence /marketintelligence/en/news-insights/trending/Yht1HiyfTphvKg06WYeXMg2 content esgSubNav
In This List

Allocating cyber-related resources is 'devil's question,' says Insureon exec

Blog

Europe: 5 key OTT trends to watch in 2022

Podcast

Next in Tech | Episode 50: InfoSec spending up, again…

Blog

Broadcast deal market recap 2021

Podcast

Next in Tech | Episode 49: Carbon reduction in cloud


Allocating cyber-related resources is 'devil's question,' says Insureon exec

? Just 15% of small-business owners who replied to a recent survey have experienced a cybersecurity breach in the past, according to an executive at online insurance agency Insureon.

? However, the cost to a small business of a cybersecurity breach averages up to $50,000, while a liability policy could be as low as $500.

? A small business has to make some investment in cybersecurity prevention safeguards before a cyber liability insurance company will offer coverage, but the executive said it makes sense to do both.

Cyber liability insurance is designed to cover companies with technology services. Once an event, like a data breach, triggers the coverage, the insurance policy would pay for a range of coverage, including credit monitoring costs, defense against claims and business interruption.

Following major data breaches at organizations including Equifax Inc., the Securities and Exchange Commission and Uber Technologies Inc., Insureon and Manta, an online resource dedicated to small businesses, conducted a cross-industry poll of 2,500 small-business owners about cyber liability insurance.

Andy Wood, executive vice president of retail operations at Insureon, spoke to S&P Global Market Intelligence about why many small businesses are not buying cyber liability insurance policies, but should be. The responses have been edited for length and clarity.

SNL Image

Andy Wood, executive vice president of retail operations

Source: Insureon

S&P Global Market Intelligence: Why do small businesses need cyber liability insurance?

Andy Wood: My personal perspective is if they don't have it, they are going to have to basically pay for all of those costs themselves. When you start to take a look at how much it costs to respond, there's a report by First Data Corp. and the cost for those data breaches for small businesses averaged between $36,000 and $50,000.

That's a pretty significant chunk of change that they're going to have to cough up out of their own pockets in the event that something happens.

A lot of small businesses work on a very tight budget from month to month. If they have to pay this out of pocket, then it could drive the business into the ground.

Why are so many small-business owners not purchasing cyber liability insurance?

I suspect it's a function of a) they have never experienced a data breach in the past; the survey said 85% of them have never experienced a data breach in the past and b) they think they have the adequate safeguards and securities in place to protect against that.

I suspect a large number of them think that because they don't have a lot of customers or data, it's not really worth their while, that they'll be able to handle the expense should anything happen.

What is your response to those arguments?

My response would be: Just because you've not had it doesn't mean it's not going to happen to you. That's the basis of insurance.

I think there's this notion that it couldn't happen to me. And because it's not a mandated coverage like auto-liability coverage or workers' compensation insurance, they don't have to have it and they don't really need to buy it because they've not had the issue pop up in the past. The hackers and the phishers out there in the world have got bigger targets that they're going to go after.

My response would be: You might think that, but that's not actually what happens. 15% of people have said they've had a breach in the past. So 15 out of every 100 small-business owners have had it happen to them. That's not an insignificant number.

You're a small-business owner, are you willing to play the odds game and have that $50,000 expense dumped on your plate because you didn't have cyber coverage to protect you?

If I'm a small business with a finite budget, am I going to put the money into beefing up cybersecurity prevention safeguards or into cyber liability insurance?

That's the devil's question, isn't it? I don't think you can separate the two, to be brutally honest with you. If you get cyber insurance, it's not a carte blanche insurance product. They won't offer you cyber insurance if you don't have any of the protections in place.

Would I give you insurance for your home if you don't have a front door or a front lock and have expensive jewelry sitting inside? The answer is no, I wouldn't. It's the same thing here. These cyber liability insurance companies are not going to offer you the coverage unless there is some guarantee that you've at least got some of the basics in place to protect your business and business data.

There's an investment you have to make regardless of whether you're going to have the coverage or not. That's going to be every business' decision. That's not for me to advocate one way or the other because it makes sense to do both.

When you look at the cost of cyber insurance, you can get cyber insurance for as low as $500. Super-small businesses could pay $500 to $1,000 for a liability policy, and it gets you a significant chunk of coverage. As I look at that, that is the price of licensing some antivirus or some malware software. It's not unaffordable.