Think of your very best small business clients. They’ve been going strong for years. They keep their budgets as trim as they can, but they don’t skimp on your cybersecurity services. They’ve signed up for your best antivirus software offering and best firewalls. They may even have a well-qualified IT staff member on the inside to work with you, and they follow all your recommendations regarding employee access to company devices or files from an unsecured network. You think no one will breach their business, and this client is so small, who would want to?
One Friday afternoon, as you’re wrapping up a particularly profitable month of service for this client, you get the call that their entire network has gone dark, and they’ve lost access to all company files and data. They are under cyberattack. Despite your best defenses, a hacker infiltrated the client. All their customer data has been compromised, and they are being asked for a big ransom payment to restore access to their files. There’s nothing you can do.
Worst of all, your client doesn’t have cyber liability insurance (CLI) – the one last layer of protection that might have helped them weather this storm. Three months later, the client is facing bankruptcy, and threatening to sue you for damages.
This might be a hypothetical scenario for you, but it’s a story that gets played out all too frequently. For any small or medium-sized business (SMB), the possibility of an attack and subsequent failure is very real. Small businesses make up 43 percent of all data breaches, and with hackers striking every 39 seconds, the odds of escape are not in an SMB’s favor – this is the cold reality for our intricately connected business world.
Even if you take every viable security precaution to protect your clients, it’s not enough. The dark actors of cyberspace never rest. They continually modify and advance their methods, looking for detours around safeguards and new egress into networks to the valuable data that lies within. This is why cyber liability insurance (CLI) is quickly becoming a necessary level of defense for many businesses.
Much like auto or homeowner’s insurance, CLI helps recover the cost of a compromising event.
Most cyber liability policies cover elements such as:
- data restoration
- legal expenses
- breach notifications to customers
- cyber extortion, privacy liability
- network business interruptions
Most importantly, these policies can also protect you – the MSP – and help cover the cost of your services to remediate the aftermath of a breach.
But there is a catch when it comes to cyber liability policies. Much like auto and homeowner’s insurance, the cyber liability policyholder must be able to prove they have been in compliance with the IT security terms of the policy in order to receive a payout on a claim.
CLI can certainly mitigate the financial damage an attack inflicts upon an organization. Yet, many SMBs businesses aren’t signing up – 91 percent of small businesses don’t have cyber insurance. Several reasons create that statistic:
- 54% of SMBs feel they’re too small to be a worthy target
- 25% don’t realize an attack would cost them any money
- Many believe that only cyber ransoms and damaged servers would be the extent of their financial loss
In actuality, any easy target is a worthy target. Many SMBs lack the formidable security of larger corporations. And a small business can easily spend $955,429 just to restore normal business operations after an attack; the majority of breach costs created by business downtime, forensics, public relations, customer notifications, and credit monitoring. Many SMBs are unaware of these additional costs, so they feel they have the resources to respond to – and recover from – a cyber incident.
Most MSPs are not insurance experts and don’t know how to make sure their clients are in compliance with the policies they have, or how to help their clients to get the cyber liability insurance coverage they need if they don’t already have it.
Compliance Manager GRC helps you manage your cyber liability insurance policy and other IT security requirements all in one place. Whether showing proof of compliance or demonstrating you have given your employees adequate cybersecurity training, Compliance Manager GRC does it all. Request a demo today.