Affinity Technology Partners

View Original

It's Time to Talk About Cyber Insurance

As a managed IT services provider (MSP), Affinity is not in the business of selling insurance. And, at the same time, we find ourselves increasingly recommending that small and mid-sized businesses in every industry consider cyber insurance as part of a comprehensive cyber security strategy. Why? Because, unfortunately, cybercrime is a booming business, and small and mid-sized businesses are increasingly a target.

What to Know About Cybercrime, and How to Deal With it

The Facts: Cybercrime (and Its Costs) Are on the Rise for Small and Mid-Sized Businesses

 In 2021, the FBI reported that the number of cybercrime complaints rose by 69% over 2019. The average cost of a data breach has risen to $4 million, with much higher costs reported in the healthcare and financial sector, and in the instance of ransomware attacks.

 These costs include a wide variety of immediate and long-lasting results of a cyberattack, including:

  •  The cost of downtime and lost business during an incident

  • The cost of paying a ransom (if decided), in the event of ransomware

  • The cost of repairing or replacing any compromised systems

  • The cost of forensic research to determine the extent and nature of a breach

  • Legal fees related to any liability incurred

  • PR costs related to restoring reputation after a breach

  • Lost business due to lost trust from customers

 And, again, cybercrime is an especially acute problem for small and mid-sized businesses who may have once assumed they flew under the radar of cybercriminals. Increasingly, they are becoming targets because they do not have the level of sophisticated protection that large corporations are able to deploy.

Is It Better to Invest In Cyber Prevention, or Cyber Insurance? The Answer Is “Yes – Both.”

 In a perfect world, investing in cyber prevention would protect you completely from cyber attack. In the real world, they do drastically reduce risk. But the risk is never zero. In an ever-evolving threat landscape, there are no silver bullets.

 That’s why cyber insurance is increasingly approaching table stakes, even for small and mid-sized businesses. A breach for most would be catastrophic or even fatal. With the right cyber insurance coverage, though, businesses are protected from many of the direct and indirect costs associated with a breach.

The Good News? Cyber Insurance Costs Less If You Have Invested In Prevention

 While cyber insurance premiums have risen in recent years due to the increased incidence and cost of cyberattacks, premiums, as with other forms of insurance, are determined based on the carrier’s understanding of risk. So if you have invested in prevention, your insurance premiums will be lower.

In working with cyber insurance brokers and carriers over the years, we have seen that premiums are lower when businesses have invested in strategies and tools such as:

  • Business-class firewalls

  • Strong password management

  • Multi-factor authentication

  • Strong backup and disaster recovery tools and strategies

  • Endpoint Detection and Response (EDR) and Security Event and Incident Management (SEIM) tools.

The Bottom Line? Cyber Insurance Is Necessary in Today’s Business Landscape

Again, as an MSP, Affinity’s main focus is on securing and optimizing technology infrastructure for modern small and mid-sized businesses and organizations. We do not sell insurance, and we do not have financial ties to any organization that does. But seeing the increased threat of ransomware, business email compromise, and other forms of attacks in the SMB space, we feel obligated to talk to our clients about cyber insurance as part of their comprehensive security stance.

If you’d like to hear more about how Affinity works with clients to develop comprehensive security strategies, please contact us today.