Mar 27 2023

Cyber Insurance for Small Business: What You Need To Know

It’s now harder to qualify for this critical protection, but those who take the steps necessary to do so will be better off for it.

Despite the rising frequency and cost of business data breaches, just over one quarter of small to medium-sized businesses carry cyber insurance.

In part, this stems from misplaced confidence, with 58 percent of businesses claiming they could “quickly resolve” any cyberattack. Businesses also expressed uncertainty about the costs, benefits and challenges of bringing an insurance provider on board.

It’s a good idea to have cyber insurance, not only for the financial protection it offers in the event of a damaging breach, but also for the security discipline it imposes on companies that seek to qualify for coverage. Here’s what businesses need to know about the state of cyber insurance, what it covers, what technologies they need in place for claims to be considered and what steps they can take to prepare.

Click the banner to unlock exclusive security content when you register as an Insider.

Policy Shift: The State of Cyber Insurance

The average cost of a compromise is now $9.4 million, according to IBM’s Cost of a Data Breach 2022 report.

Both the upfront costs and the associated impacts of a breach on reputation and productivity make cyber insurance an attractive option for organizations. Yet those same factors have caused carriers to raise policy premiums and tighten conditions for coverage. According to Fortune, the average price of cyber insurance in the United States rose 79 percent in the second quarter of 2022.

DISCOVER: The four pillars of modern workspace management for small business.

Two factors play a significant role in this increase. First is the growing number of cyberattacks on businesses of all sizes, meaning there’s a greater chance of insurance claims and potential payouts. Second, many companies are using outdated or ineffective security controls, making it easier for attackers to gain access. As a result, cyber insurance companies are now requiring organizations to complete checklists that ensure they have basic security tools in place before policies are issued.

The Solutions SMBs Need to Stay Protected

Cyber insurance carriers don’t want to pay out to policyholders that are reckless or irresponsible.

For small businesses, this often takes the form of failing to adopt appropriate security policies and not implementing modern tools capable of detecting or responding to emerging threats. This is especially worrisome given the increasing preference of attackers to breach small businesses using ransomware and then use their ill-gotten gains to target larger enterprises.

FIND OUT: Understand the benefits of WIFI 6E for small businesses.

To obtain cyber insurance coverage, SMBs should have four solutions in place.

  • Enterprise-grade email security: Insurance companies now ask small businesses to purchase and deploy enterprise-grade email security tools capable of automatically detecting and blocking common threats before they reach employee inboxes. These solutions often come with staff security awareness training options that can help reduce risk.
  • Data loss protection: SMBs must have tools in place capable of pinpointing potential security issues and taking action to prevent data loss. Third-party services such as penetration testing, policy and access evaluations can help.
  • Multi-factor authentication: Passwords remain a problem for organizations of all sizes. As a result, SMBs must deploy MFA tools that ask users to provide an additional identity factor for access, limiting the ability of attackers to brute-force their way into networks.
  • Next-generation firewalls: Traditional, state-based firewalls can’t keep pace with new threats. Today, SMBs need next-generation solutions that help keep them ahead of attacker efforts.

Prepping for Policy Purchase

For many small businesses, it isn’t enough to know what they need to secure a cyber insurance policy. They also need help with assessment, implementation and ROI evaluation.

CDW’s Amplified™ Cybersecurity Services can help. From identifying current security gaps to pinpointing compliance challenges and automating routine security tasks, CDW experts work to bridge the gap between insurance expectations and current operations. And by applying a vendor-neutral approach, CDW helps SMBs conduct ROI assessments that let them find the best fit for their security needs.

Insurance is a critical but costly component of an overall cybersecurity plan. With expert assessment and assistance, however, small businesses are better equipped to balance policy, price and protection.

This article is part of BizTech's AgilITy blog series. Please join the discussion on Twitter.


Erhui1979 / Getty Images

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT