from the experts at TruShield Insurance
Cyber risks are very real in today’s digital age, especially for small business owners, yet in a recent TruShield Insurance poll, it was discovered that more than three quarters of Canadian small businesses operate without cyber insurance.
Here’s what you should know about cyber risks, and why protecting your business is so crucial:
1. Back Up Your Data Regularly.
33% of Canadian small businesses surveyed do not currently back up their data at least once a week. That may not seem like a lot, but considering how beneficial and easy it is to perform a back-up, that 33% should be a lot closer to zero. How often you back up your data directly correlates to how vulnerable your business is after a cyberattack.
Let’s say your business falls victim to ransomware, which locks you out of your own data, and the hackers responsible are attempting to ransom it back to you. If you happened to back up all your information a day before the cyberattack, your business would be in a better position to pick itself back up while you deal with the ransom issue. However, if you last performed a backup one month ago, there’s a greater chance that you’ll be locked out of important data, making it much harder for your business to resume operations. Ideally, your backed-up data is recent enough that you don’t even need to pay the ransom to get your locked data back. Instead, you can simply proceed with your backup version.
2. Customer Data Must Be Protected.
Our research found that of the Canadian small businesses surveyed that aren’t protected by cyber insurance, only 9% store their customers’ credit card information. On the other hand, more than half of those same non-insured businesses collect non-financial customer data such as phone numbers and email addresses. Even though businesses may be more likely to protect customer data of a financial nature, the reality is that all customer data is worth protecting equally. This is because hackers don’t need financial information to seriously damage a person’s finances. If a cyber criminal obtains credit card information, how long is their window of opportunity to use it for illegal activity? While it could take a month or two for customers and companies to realize a card was compromised, odds are the card gets cancelled quickly and has a relatively short shelf life. However, what if that same hacker got access to names, emails and home addresses, then checked online sources such as social media sites to gather enough personal information to commit identity theft? That kind of crime can take victims years to recover from.
Scenarios like the one above highlight some of the reasons that businesses have been hit with class-action lawsuits after their data was breached, even though none of the compromised information was finance related. Speaking of which…
3. Class-Action Lawsuits Are Just the Beginning…
Canadian small businesses seem well aware of the devastating impact a class action lawsuit can have on their company. Almost three quarters of the businesses we surveyed without insurance aren’t confident they have the financial resources to survive a class action lawsuit that may result from a cyberattack.
Sure, a class action lawsuit might end up being the biggest repercussion a business experiences from a cyberattack. However, if a business’ customer data gets leaked to the public and the customers impacted decide not to file a class action suit, does that mean the business is in the clear? Unfortunately not.
Cyberattacks, even without class action or other lawsuits, can severely damage a company’s reputation. Existing and potential customers may distance themselves from the hacked business as a precaution. Enlisting reputation-management professionals to handle the crisis can be a significant cost, and they aren’t the only pros you’d need to hire either. Recovering your compromised data from the cyber criminals and restoring it to your systems isn’t something you’ll want to do alone, even if your business is tech-savvy. And since it may take a while to get a business back up and running after a cyberattack, the amount of potential revenue lost during that process can quickly add up. In short, lawsuits are a risk to businesses that have undergone a cyberattack but they aren’t necessarily the only one, as other risks can be quite problematic as well.
4. Cyber Insurance is Important.
The most common way the Canadian small businesses surveyed justify not getting cyber insurance is that they “never really thought about it”. The second-most common justification is “I don’t think we need it.” The reason cyber insurance is worth considering is because it can help a business with every nightmare scenario mentioned above. If you forget to back up your data and experience a cyberattack, you’ll be glad you have insurance. If hackers get a hold of your customer data, financial or otherwise, you’ll be glad you have insurance. If you need to hire a reputation-management professional after your business gets hacked, insurance can help you cover the costs.
The reality is that any business, regardless of their size or resources, can be a few mouse clicks from getting cyberattacked. Thankfully, a cyber insurance policy to protect you is also just a few clicks away—and that’s a fact.
GET A QUOTE ONLINE – in Minutes!
Did you know that cyber threats are on the rise, with small and medium size businesses accounting for over 60% of all cyber attacks? TruShield’s New Small Business Cyber Insurance Package offers comprehensive first and third party protection designed to meet today’s evolving cyber risks:
First Party Coverage: helps protect businesses from Incident Response Expenses, Data Recovery Expenses, Business Interruption and E-commerce Extortion.
Third Party Coverage: helps protect businesses from Network Security and Privacy Liability, Internet Media Liability and Regulatory Expenses.
Small Business Cyber Assist: At no extra charge with cyber risk bundles, our new Cyber Assist assists with proactive measures to help businesses protect their data, and provides reactive assistance in the event of a breach.
A version of this article was previously published on TruShield.ca