It's Time to Talk About Cyber Insurance
/As a managed IT services provider (MSP), Affinity is not in the business of selling insurance. And, at the same time, we find ourselves increasingly recommending that small and mid-sized businesses in every industry consider cyber insurance as part of a comprehensive cyber security strategy. Why? Because, unfortunately, cybercrime is a booming business, and small and mid-sized businesses are increasingly a target.
What to Know About Cybercrime, and How to Deal With it
The Facts: Cybercrime (and Its Costs) Are on the Rise for Small and Mid-Sized Businesses
In 2021, the FBI reported that the number of cybercrime complaints rose by 69% over 2019. The average cost of a data breach has risen to $4 million, with much higher costs reported in the healthcare and financial sector, and in the instance of ransomware attacks.
These costs include a wide variety of immediate and long-lasting results of a cyberattack, including:
The cost of downtime and lost business during an incident
The cost of paying a ransom (if decided), in the event of ransomware
The cost of repairing or replacing any compromised systems
The cost of forensic research to determine the extent and nature of a breach
Legal fees related to any liability incurred
PR costs related to restoring reputation after a breach
Lost business due to lost trust from customers
And, again, cybercrime is an especially acute problem for small and mid-sized businesses who may have once assumed they flew under the radar of cybercriminals. Increasingly, they are becoming targets because they do not have the level of sophisticated protection that large corporations are able to deploy.
Is It Better to Invest In Cyber Prevention, or Cyber Insurance? The Answer Is “Yes – Both.”
In a perfect world, investing in cyber prevention would protect you completely from cyber attack. In the real world, they do drastically reduce risk. But the risk is never zero. In an ever-evolving threat landscape, there are no silver bullets.
That’s why cyber insurance is increasingly approaching table stakes, even for small and mid-sized businesses. A breach for most would be catastrophic or even fatal. With the right cyber insurance coverage, though, businesses are protected from many of the direct and indirect costs associated with a breach.
The Good News? Cyber Insurance Costs Less If You Have Invested In Prevention
While cyber insurance premiums have risen in recent years due to the increased incidence and cost of cyberattacks, premiums, as with other forms of insurance, are determined based on the carrier’s understanding of risk. So if you have invested in prevention, your insurance premiums will be lower.
In working with cyber insurance brokers and carriers over the years, we have seen that premiums are lower when businesses have invested in strategies and tools such as:
Business-class firewalls
Strong password management
Multi-factor authentication
Strong backup and disaster recovery tools and strategies
Endpoint Detection and Response (EDR) and Security Event and Incident Management (SEIM) tools.
The Bottom Line? Cyber Insurance Is Necessary in Today’s Business Landscape
Again, as an MSP, Affinity’s main focus is on securing and optimizing technology infrastructure for modern small and mid-sized businesses and organizations. We do not sell insurance, and we do not have financial ties to any organization that does. But seeing the increased threat of ransomware, business email compromise, and other forms of attacks in the SMB space, we feel obligated to talk to our clients about cyber insurance as part of their comprehensive security stance.
If you’d like to hear more about how Affinity works with clients to develop comprehensive security strategies, please contact us today.