42% of Businesses May Not Have Enough Insurance to Cover New Cyber Risks

Increase in cyber-attacks drives companies to bolster their data breach response plans.

Malware, ransomware, and other emerging cyber risks continue to put companies at risk for data breaches, business disruption, and financial or reputational harm. Nine in 10 businesses surveyed in The Hanover Insurance Group’s recent Cyber Risk Report said they had experienced a cyber-attack in the last year. Yet the report also found that 42% of businesses may not have enough insurance to cover the average cost of an attack.

This lack of coverage is troubling since the surge in the number of remote workers has increased a business’ vulnerability to cyber-attacks. A recent study of 1,000 businesses by Barracuda Networks found that 46% had experienced at least one security incident since the COVID-19 lockdown began.

When Cyber-Attacks Hit, Business Profitability Suffers

One in two businesses surveyed in the Hanover report experienced a malware-related attack. The two forms of malware that are particularly pernicious:

• Ransomware—which locks down corporate systems and data until the company pays up—accounts for 27% of all malware incidents, according to the Verizon 2020 Data Breach Investigations Report.
• Phishing attacks: Since the stay-at-home order began, IDX’ members have experienced a 50% increase in the number of targeted scams and phishing attacks via email, call, and texts.

These cyber-attacks hit business profitability “hard and fast,” the Hanover report found:

• 92% said their finances would be negatively impacted by lost access to critical systems and data.
• 60% said their businesses would become unprofitable within two days.

Companies Are Mal-Adapted to Handle Malware

While businesses strive to improve cybersecurity within their organization, they are still lacking in critical areas. According to the Hanover report:

• 38% of business decision-makers had not increased their cyber policy limits in the past year.
• 70% outsource security operations or critical IT sources to a third party.
• 54% rely on internal resources only to prepare written plans for identifying, mitigating, and addressing cyber threats.
• 1 in 3 small businesses don’t know how to handle a ransomware attack.

4 Ways to Mitigate Cyber Risk

While no company is 100% immune to cyber-attacks, they can protect their organization and their employees by:

1. Getting proper cyber insurance coverage. There are two types of cyber liability insurance: first-party, which covers direct financial losses, such as loss of income if the business shuts down; and third-party, which covers losses for other people affected by the cybersecurity incident. This could include a customer suing a business if they fall victim to identity theft.
2. Asking the experts for advice. Forty-six percent of businesses surveyed in the Hanover report rely on outside counsel, an insurance carrier resource, or a third-party consultant to help prepare their cyber risk plans. The federal government offers cybersecurity advice for small businesses, including the Cybersecurity & Infrastructure Security Agency’s “Cyber Essentials” guide and the FTC’s “Small Biz Cyber Planner.”
3. Protecting your employee privacy and security. 20% of employees say they’ve been a victim of identity theft, according to a PricewaterhouseCoopers (PwC) survey. Privacy and identity protection as an employee benefit can safeguard them from the hundreds of hours it takes to resolve identity fraud. What’s more, such protection can raise awareness among employees about cyber risks and help foster a culture of cybersecurity in the organization.
4. Proactively reduce breach risk with a no-cost Priority Response solution. In today’s world of mounting cyber-attacks and data breaches, businesses need to anticipate the inevitable. Take the time now to establish proactive relationships with incident response partners, because preparation is the only defense.

Keep Your Employees Safe from Hidden Threats Get The Detect & Protect Checklist

Even as the pandemic ebbs and some employees return to the office, remote work will be a permanent fact of life for many. One thing is certain: Wherever people work, cyber risk is sure to follow, and businesses need to be prepared.