It's happened more often than I can count. People – from the guy who cuts my hair to the CPA I meet at a party – hear that I work in cyber insurance, and they proceed to ask me how they can protect themselves. I
end up talking about cybersecurity a lot.
At my last doctor’s appointment, I noticed that my primary care physician had transitioned from paper patient files to a cloudbased record management system. After proudly showing off his new iPad, my doctor proceeded to ask me about cybersecurity. I was glad he did – security considerations aren’t always front of mind when adopting new technologies, yet it’s essential that businesses understand the implications that come with increased connectivity.
As a society, we’re going through a significant period of change. The machine age is giving way to the information age – and we’re just at the beginning. Technology can be a real asset in the workplace. However, it also presents a real catch-22 for businesses. To thrive and remain competitive, businesses today must embrace and adopt technology. But with the adoption of technology comes new risk exposures – and these risks can be existential, particularly as a business’ operations become ever more dependent on technology.
The reality is that technological risks are the most pervasive risks facing small businesses, and they are increasingly among the more severe risks exposures. It’s easy to think that your business is too small to be impacted, but in actuality, it is estimated that one out of every five small and mediumsized businesses [SMBs] will fall victim to cyber attack; of these, 60% will shut down within six months.
Failure to treat cybersecurity and technological risk as a risk management problem can be costly. According to IBM, the average cost of a data breach is over $1 million, and the potential loss exposures can be diverse, from data theft and income loss as a result of business interruption to privacy liability, reputational harm, and even property damage or bodily harm.
Cybersecurity isn’t a problem that will be solved by technology alone. This is because, at its core, it is fundamentally a risk management problem. To address the risks that come with technological innovation, companies are left with three choices: accept the risk, mitigate the risk or transfer the risk.
At Coalition, this is our mantra, and it’s a framework we use regularly to help SMBs understand the importance of risk transfer and cyber insurance in the context of a cohesive risk management strategy.
For example, if you don’t accept credit cards, you shouldn’t be paying for coverage for PCI fines and penalties. Your cyber policy can and should be configured so that you’re paying only for what you really need.
It’s not possible to completely eliminate risk, which is why it’s so essential for businesses to find the right balance of risk acceptance, risk mitigation and risk transfer. As with most things, a proactive and informed approach is the key to success.