Despite the razor-sharp instincts and cat-like reflexes that enable a Nascar driver to slingshot around the track at over 200 mph, when he drives home to his family, he protects himself with vehicle insurance just like the rest of us do. That’s because no driver is perfect and everyday traffic is full of many risk factors outside your control.
The very same can be said about the cybersecurity risks that small and medium enterprises (SME) face in the course of conducting everyday business. No security solution is perfect and, just like an oncoming truck that swings wide at a blind corner, there’s no defense against an employee who accidental clicks on a phishing email.
Our IT experts here at Network Tech have built some of the most robust cybersecurity defenses for small businesses you’ll find anywhere. And yet, despite the enormous pride we take in our work, we ourselves carry cybersecurity insurance and we recommend it to all our clients as well.
There’s a lot of uncertainty and misinformation about cybersecurity insurance and how it fits into your business’ defenses. So, our Chief Operating Officer Matt Cortner sat down with Dan Bukaty, owner of cyber insurance broker, Bukaty Companies, to answer a few of our clients’ most common and pressing questions.
WHY DO I NEED CYBERSECURITY INSURANCE IF I HAVE AN MSP?
Matt Cortner: Your Managed Service Provider (MSP) should be responsible to provide your business with a top-shelf cybersecurity suite and perform essential routine maintenance and updates. Nevertheless, many breaches occur as the result of an employee who circumvents your defenses when they accidently click on a phishing email. Without an insurance policy, this leaves your business liable and exposed.
BUT MY BUSINESS DOESN’T HANDLE SENSITIVE DATA …
Dan Bukaty: Understandably, we tend to think of cybersecurity risk in terms of the headline-grabbing cases of Target, Home Depot and MGM, where the personally identifiable information (PII) and credit card data of millions of customers were stolen. In reality, what we frequently encounter are the unreported hacks that strike small businesses that don’t possess any sensitive customer data at all.
Take, for example, what happened to a Kansas City small business just last year. Hackers penetrated their network security through a routine phishing attack. They lay dormant, collecting keystroke data for quite some time. Then, when they had the information they needed, they quietly issued themselves a $12,000 “refund” through the company’s billing software. Investigators tracked the hackers to the Netherlands where the trail went completely cold.
HOW DO SMALL BUSINESSES NAVIGATE PERSONAL DATA-PROTECTION LAWS?
MC: The federal government has a set of rules and regulations regarding personal data protection and privacy, and most states and even some cities have their own regulations. So, depending on your industry and geography, the situation can be anywhere from very confusing to totally mind-boggling.
It’s not unlike the case where a small Kansas manufacturer’s product finds its way through wholesalers and distributors into a California home. Maybe an accident occurs, and a California law firm appears out of the blue to accuse the Kansas manufacturer of violating California’s product-labeling laws. The point here is, with so many potential layers of liability, a cost-effective cybersecurity policy like what our colleagues at Bukaty offer can quickly become a livesaver.
IF I’VE ALREADY BEEN BREACHED, HOW MIGHT THAT AFFECT MY PREMIUM?
DB: If your business has already suffered a breach, that’s far from a deal breaker. In fact, in some cases where you’ve hardened your defenses after suffering a breach, you might be in an even stronger position to obtain a very reasonably priced policy.
So, having that good wall of defense against cyberattack is going to help reduce your premium, and it’s also your best risk-avoidance strategy. It’s like with homeowners insurance: in the case of a fire, the insurer is going to be there to cut an all-important check. But you as the homeowner – or, in this case, the business owner – are still going to have quite a mess to clean up. Having a strong cybersecurity defense is going to help with your premiums and go a long way toward avoiding the problem altogether.
WHAT DO THE 2020 TRENDS FOR CYBER INSURANCE HAVE IN STORE?
DB: Initially, businesses would take out a cybersecurity insurance policy along with their firewall, antivirus, etc. as part of a comprehensive, cybersecurity defense strategy. More recently, however, we’re seeing a lot of cases in which a small business enters into a service or manufacturing contract with a business customer that requires them to have cyber insurance under the terms of the agreement.
There are a lot of important risks that business owners and homeowners take out an insurance policy to cover: fire, floods, tornadoes, etc. Running into a cybersecurity problem is becoming statistically a lot more likely than any of those risks. When it does happen, it’s devastating no matter what. But it makes a huge difference when you’ve got a check in hand.
COMPREHENSIVE CYBERSECURITY DEFENSE STRATEGY
The best way to protect your business’ data, finances and reputation is through establishing a trusting relationship with an experienced and security-focused MSP like Network Tech. Together, we can build you a robust cybersecurity solution that will cover all aspects, from cyber training and testing to layers of security within your network.
Nevertheless, since no security platform can protect you 100% of the time against 100% of the threats, cybersecurity insurance provides an extremely important component against the increasingly common risks that all businesses face today.
If you have any concerns about your cybersecurity posture or about how a cyber insurance policy can safeguard your business, reach out to us by phone (913-538-7820) or email and we’ll walk you through your options.