Many owners of small- and medium-sized businesses think they’re too small, or their data isn’t valuable enough, to require insurance against a cyberattack.
You may not be doing megadeals or storing the secret formula for Coca-Cola in your company’s computers, but you are still vulnerable to major financial and reputational damage by cybercriminals. In fact, hackers may target small businesses because they expect them to have weaker defenses. By the time you realize what has happened, you may have sustained major business losses.
The average cost of a data breach rose to $4.88 million in 2024, up 10% from last year, according to IBM. Some 70% of the 604 organizations surveyed said the breach caused significant disruptions. Recovery took more than 100 days even in the best-case situations, where businesses were actually able to fully recover. Many never did.
Any business with computers connected to the internet is at risk. Criminals may use malware to access bank account information and wire millions of dollars to a fraudulent account before it is detected by your bank. If your customers or clients pay you by check, be aware that cybercriminals are skilled at “washing checks” — removing the ink on check stock and changing the payee name and amount to their own benefit.
Business owners can reduce these risks by training employees to spot suspicious emails and downloads, securing their internet connections, and using antivirus software and updating it often. Other preventive measures include requiring users to provide more than a username and password to log in, monitoring cloud service provider accounts, and securing payment processing data. Also, have at least two people looking into and authorizing financial transfers, and buy adequate cyber insurance to protect you from a hacking attack or data breach.
Many small businesses set their policy limits at $1 million, but the most effective coverage choices are based on your security exposure and the kind and amount of data you store. Your business lawyer can help you make the wisest decisions, providing help with risk assessment, determining compliance requirements, and negotiating policy terms with insurers. The Small Business Administration maintains helpful cybersecurity resources for small businesses at sba.gov/cybersecurity.
