The surprising cyber risks facing your small business clients

The surprising cyber risks facing your small business clients | Insurance Business America

The surprising cyber risks facing your small business clients
When many business owners think of data breaches, they think of malicious hacker collectives going after Fortune 500 companies. And that image can lead to a risky assumption: that smaller businesses don’t face a high enough risk to make cyber liability insurance worth the money.

The assumption is so widespread that a January survey from Aviva found that as many as 44% of businesses believe they are unlikely to be subject to cyber loss.

In reality, the idea of a “hacktivist” group trying to sew chaos for big corporations – while not necessarily inaccurate – is only a small facet of cyber risk, says John Novak, senior vice president for Guy Carpenter.

“Small businesses often say, ‘I have a website and a mobile phone and that’s it.’ I have no cyber exposure,” said Novak, a 23-year insurance veteran who has worked with cyber products since 2009. “But in reality of course, cyber policies really cover what happens when you lose personally identifiable information, and that can happen in an electronic format or paper file, through nefarious activity or error.”

For small- to medium-sized businesses (SMBs), that accidental exposure is most commonly brought about by employees. Whether through malicious activity or error, workers continue to be the biggest source of cyber loss for smaller companies.

“One SMB had an employee who was laid off and then grabbed sensitive customer information in order to file fraudulent tax returns and intercept tax return money,” shared John Novak, senior vice president with Guy Carpenter.

Fraudulent wire transfer requests, downloading infected files and sending unsecured or unencrypted data to a publicly accessible cloud are also common sources of cyber loss, Novak said. Even lost or stolen laptops – and lost or stolen paper files – can lead to significant losses for small companies.

And as for cyber crime? SMBs are not fully secure there, either, says Melissa Ventrone, an attorney and chair of the data privacy and security team with Wilson Elser Moskowitz Edelman & Dicker LLP in Chicago.

“Smaller businesses believe they are safe from attacks because they’re not an attractive target. It couldn’t be further from the truth,” said Ventrone. “SMBs are perfect for targets for hackers because a lot of them lack resources necessary to combat cyber risk. Large corporations have the budget – small ones don’t.”

SMBs that outsource IT function are also at risk from a vendor perspective, as many do not have monitoring tools to determine what happened in the event of a breach. This makes them “low-hanging fruit” from the perspective of a hacker, Ventrone says.

Luckily, a solid cyber insurance policy covers most of these scenarios. Expenses racked up from forensics or from notifying affected customers are often covered by the insurer, as well as options for attorneys or public relations resources if needed.