When Cyber Insurance Is a Waste of Money: Red Flags and Real Talk
Don’t you hate buying insurance? Think about it: you pay insurance premiums all year or every year—and what do you get in return for it? You get nothing put in your hands. You don’t get a car to drive. You don’t get a house to live in. You don’t get food. You don’t get gasoline for your car. You get nothing. That’s why people hate buying insurance. In fact, one of the clichés about the insurance business is that people don’t even want to sit next to an insurance agent at a cocktail party—because all they’re going to try to do is sell you insurance.
But there’s something, as a business owner or consumer, that’s helpful to know about the insurance industry that might help save you money or save you from having losses—especially when it comes to cyber liability insurance. So let’s take a look, so that way you don’t have to hear it from an insurance salesman. Here are all the things that a cyber liability insurance salesman is going to tell you—so you can read about it on your own, and you don’t have to listen to them. You can take each one with a grain of salt—whatever is interesting to you.
However, I can tell you this: cyber losses—cyber attacks—are the largest growing type of risk in business. If you’re a small business or a large business and you don’t have this kind of coverage, take my word for it—it’s important. I can’t sell you cyber insurance anyway because you probably don’t live in a state where our agency can cover you. But it is an important thing to be aware of. And you probably don’t even have to talk to an agent to buy this—you can probably buy it online.
Here’s why it’s important. This comes from an article inside the industry on how to sell insurance, so pretend you are a buyer. This is what you’re going to hear from your salesman. What are the facts about cyber attacks? The average cost of a data breach for a business is high. Forty percent of those attacks target small to mid-sized businesses. So think about it—could your business afford a loss of $800,000?
Sixty-six percent of small businesses didn’t realize it until six months later. What would it be like if you had a loss—like your building burned to the ground—but you didn’t know it for six months? This is a big deal. Here are some industries that are vulnerable, but it really extends beyond that.
You have different coverages—one covers you as a business for things like loss of electronic data, loss of income. What if you have to shut down for a week to fix all your servers and your mainframes? Could you afford to not have revenue for a week or more?
What if you have to pay an extortion ransom because a hacker has your entire system locked down—and if you don’t pay, they’re not going to release it? Or they have all your customer files and they’re going to put it out into the public?
You might also have to make notification. Many states and the federal government have requirements to notify impacted parties if a company has a data breach—meaning that if your company has data stolen from it that has customer information, even if that information is not disseminated or released, you have to notify the parties that it could happen. Sometimes, you also have to provide things like credit monitoring or dark web monitoring to make sure that they don’t have losses. If you don’t do it, you might have penalties and fines. Even if you do perform notifications, sometimes there are penalties and fines involved.
What are the other costs? You might have damage to your reputation—meaning that if this happens, some of your clients might get wind of it and you might lose clients. You might lose customers. You might lose employees—because a data breach makes people less confident about doing business with you or working for you.
You also can have third-party coverage—meaning that your clients could also have losses. What happens if you have a breach or hack of your system, and through that, the hacker is able to get into your client’s system? Maybe there’s a connection between your servers—from your computer to the client’s computers—and they could have losses. They could demand that you make them whole on that.
You can also have infringement of electronic media—maybe it’s social media, maybe it’s public records. So as an insurance professional, the experts say that many small business owners don’t feel like they need cyber insurance. It’s important to remind them that any business that makes transactions is vulnerable.
Look, we’re not here to beat you up or to corner you to say you need to buy insurance. Just be aware of the risks that you have to your business if you don’t have insurance. If you decide not to get it because you’ve understood the risks and still want to go “bare” without coverage, that’s fine—as long as you understand the risk. But it’s important to know what the risks are.
And you can learn this on your own—you don’t need any insurance agent to go through this with you. You know your business more than anything else. Things like—do you accept credit card payments? Do you have a loyalty program? Do you have a mailing list that you store for your clients? Do you have a website? If a hacker gets into your website, they can do a lot of damage.
Do you access any third-party services on behalf of clients? Meaning that you use Salesforce, or Google Docs, or Dropbox—maybe your client can get through that. So these are all things that, as a small business, you want to be aware of.
Make sure that if you decide not to have coverage, you’re aware of what you save in premium costs, and whether avoiding that expense is worth taking on the liability yourself. Either way, whether you have coverage or not, you want to use industry best practices for protection of your data and records.
That way, if something does happen, you can at least show regulators, government agencies, or your customers—look, we at least had some protections in place. Two-factor authentication, firewalls, updates, patches—those kinds of things. Because if you don’t do those and you do have a loss, your liability could actually be more—because you were considered negligent. You didn’t do the basics.
An insurance company, if you do have a policy, will help you make sure you know what those best practices are. They’ll tell you—believe me—every month: “Hey, are you doing your backups? Hey, do you have secure passwords? Are you changing your passwords?” They’ll remind you—almost bugging you about it. But it’s a good thing—because that’s their job—to help prevent losses.
You can get more information on our website. You can also do a consultation—without a sales pitch—from our consulting side. Tell a client. And if you have any questions, reach out to us anytime.
