Insuring Against the Cyber Threat to Your Firm's Balance Sheet


Do you need insurance against cyber attack? Many businesses answer this question – “No, it’s not going to happen,” or “we don’t store any valuable data.”

Both answers are wrong, and whether you are a large company or a small business, a few statistics should serve up a cold shower of reality.

A recent survey of small businesses found that more than half of reporting companies were the victims of a cyber-attack within the past year, and a similar number were victims of a data breach in the same period.

While most attacks are on large businesses, almost half target small businesses. No business is immune from this risk.

Many companies feel safe since they do not store highly sensitive information. If you retain email addresses, phone numbers or billing addresses you have data hackers seek. Even this basic information can aid hackers in obtaining key data.

Firms of all sizes find a false sense of security in their protective protocols. Most hacks are the result of human failure, and no system is proof against this source of the breach.

  • Only 65% of businesses enforce password security

  • Only 38% of businesses regularly update their security software

  • Only 22% encrypt databases.

  • 48% of attacks are the result of employee negligence

  • 43% of attacks are caused by social engineering/phishing

After a cyber breach has been discovered, there are necessary activities involved such as audits and consultation service fees, legal service fees for defense and compliance, free or discounted services offered to the victims of the breach such as credit monitoring and lost customers due to the breach.

Costs of a data breach include direct, Indirect and lost opportunities. As a result:

  • 60% of small businesses fail within 6 months of an attack

  • The average victim business spends over $800,000 due to theft of IT assets

  • Disruption of normal operations costs an average of over $900,000

  • The bottom line – Cybercrime is real and can pose a significant risk to the very existence of your business

The solution is cyber insurance to manage the risks associated with cyber breaches. Standard insurance coverage often does not cover such risks. Some policies may include enhancement coverage that gives a small limit of coverage, however, the coverage may not provide the amount and type of coverage needed.

Cybersecurity insurance provides a robust umbrella for the range of costs associated with a data breach including:

  • 1st party coverage – including direct costs – notification costs, credit monitoring, cyber extortion and more

  • 3rd party coverage – covers legal defense costs, lawsuit settlements, regulatory penalties, and fines

  • Coverage can include all types including data breaches or employee errors such as lost devices, and destruction of your data by viruses, or of the data of other businesses by a virus your business transmits, cyber extortion and denial of service attacks.

Businesses can literally be financially ruined by a cyber breach. Businesses which are dedicated to long-term survivability and growth will often incorporate Business Continuity Management principles. Cyber Security insurance can be an integral asset to BCM principles. According to a 2017 study by the Ponemon Institute, costs (both monetary and time resources) are significantly lowered by implementing BCM methods.

Let Nations Choice Trusted Advisors handle your cyber security needs today. Call one of our trusted advisors at (800) 233-7642.

— Bryan Kissinger | Commercial Lines Manager


The opinions expressed in this commentary are those of the author and may not necessarily reflect those held by Kestra Investment Services, LLC or Kestra Advisory Services, LLC. This is for general information only and is not intended to provide specific investment advice or recommendations for any individual. It is suggested that you consult your financial professional, attorney, or tax advisor with regard to your individual situation. Any example provided in the article is hypothetical and is for illustrative purposes only. There is no guarantee that similar results can be achieved and past results are not indicative of future results. All investments involve varying levels and types of risks. These risks can be associated with the specific investment, or with the marketplace as a whole. Loss of principal is possible.