By Rakesh Gupta
Did you know that small businesses are often the target of cybercriminals? By some estimates, nearly 30% of data breaches in 2020 involved small businesses.
That comes as a surprise to many small business owners, who may think that cyberattacks are primarily focused on large companies. That is a reasonable assumption since those crimes are the ones most often in the news. However, small businesses are not immune from cyberattacks, which have increased significantly in recent years.
According to the FBI, suspected internet crime complaints increased by more than 300,000 in 2020 as compared to 2019. Its 2020 Internet Crime Report says that the top three crimes reported in 2020 were phishing scams, non-payment/non-delivery scams and extortion.
Security experts believe that increased telecommuting caused by the COVID-19 pandemic in 2020 and 2021 has played a role in the spike in cybercrime. And with many companies expected to continue allowing employees to telecommute going forward, it is likely that the number of annual cyberattacks will continue to rise.
Any small business that handles sensitive information needs cyber insurance. In today’s digital world, it is hard to name a type of business that does not possess some form of sensitive information.
Business owners who wonder if they can get by without this coverage should talk with an insurance provider before making their decision. Perhaps there are rare instances where a company does not need this type of protection. However, it is more likely that an owner, upon learning more about what constitutes “sensitive information,” will realize that their company receives or produces this type of data and that cybercriminals may try to access it.
In a scenario where, for example, hackers have stolen sensitive information like customer credit card data, Social Security numbers or medical records, a business likely will have to take several actions to address the theft, and incur expenses as a result. These include what are called first-party and third-party expenses.
First-party expenses include those resulting from things like an IT or legal review of the incident and customer notification. Third-party expenses include those related to lawsuits filed over the loss of data that was in the company’s care, custody or control.
Cyber insurance can help cover these costs. Without insurance, a small business may have to pay them out of its own pocket. Depending on the scope of the hack or data breach, costs can be in the thousands, tens of thousands or more. Whatever the amount, it will be a drain on a small company’s resources and could, in some instances, put its future in jeopardy.
Fortunately, getting cyber insurance is easy. It can typically be obtained online and the coverage tends to be very affordable—$85-$200 per year for base coverage, on average.
Rakesh Gupta is COO, biBERK, part of Warren Buffett’s Berkshire Hathaway company, which specializes in commercial insurance for small businesses. In his role, Gupta focuses on simplifying the insurance buying experience using technology and process innovations that make it easier for small business owners to get the coverage they need.
This is a contributed piece to Hotel Business, authored by an industry professional. The thoughts expressed are the perspective of the bylined individual.