Do Small Businesses Need Insurance for Cyber Attacks?
SBC Examines the Cybersecurity Insurance Option
WASHINGTON – Today, the House Committee on Small Business heard from a panel of experts on how cybersecurity insurance solutions can help small businesses recover from a cyber attack. They also took a closer look at the challenges small businesses may face in selecting a cybersecurity insurance policy and how insurers can make it a more affordable option for small companies trying to grow and protect themselves.
“One case in particular that stands out is the story of a small business owner who testified before this Committee last year. He owned an indoor go-carting facility in Maine and had a number of employees and families that depended on him. He told the Committee how he was struck by a phishing scam—he logged onto his bank account and to his utter disbelief, his balance was zero. This happened on a payday no less,” said House Small Business Committee Chairman Steve Chabot (R-OH).
“In our Committee’s efforts to spotlight these serious and growing threats, it has become clear that we need to think outside of the box as we work to thwart cyber attacks,” added Chairman Chabot.
“The statistics show that there is a sufficient amount of work to be done on the part of small companies and their operational strategies. Sixty-five percent of small businesses reported that they do not strictly enforce their password policy; this is the largest gateway for potential breaches. It is imperative that we, as small business owners, fully enforce the most intrusive method of sabotaging our networks, and therefore our business,” said Robert Luft, President, SureFire Innovations in Cincinnati, OH.
“The role of insurance is continuously increasing as customers are now seeking industry feedback and risk insights. It has become more of a partnership, with businesses focusing on not just what happens post-breach and a loss being paid. They value having a stable of pre-vetted vendors available to them if they are impacted by a data or security event. They are also focusing more on pre-breach services to guide them through risk mitigation tools like technology assessments,” said Erica Davis, Senior Vice President, Head of Specialty Products Errors & Omissions of Zurich Insurance in Washington, D.C.
“The number one reason [that small businesses did not purchase cyber insurance] given was that they claimed they did not need it. The second was the expense of coverage, and the third was that the process was too complicated and confusing. These results suggest that education is key to increasing the take-up rate of cyber insurance by small businesses, particularly given that 86% of the respondents stated that they store Personally Identifying or Personal Health Information,” said Eric Cernak, Vice President of Cyber Risk Practice Leader of Munich Re U.S. in Hartford, CT.