Originally published October 27, 2021. Updated May 18, 2023.
On Oct. 4, 2022, it was announced that hackers hit CommonSpirit Health, which runs over 140 hospitals and 2,000 healthcare centers across 21 states, with a ransomware attack. Malicious code seized control of the company's servers, restricting access until the hackers' ransom demands were met. The results of the ambush were downed systems and a disruption of patient care across hospitals in several states.
Cyberattacks like the one that hit CommonSpirit Health are on the rise. Any business can fall victim to an attack or data breach, but cyberattacks — specifically defined as an attempt by a hacker to destroy, damage, extort, or steal information from a computer network or system — are often targeted at small-to-midsized companies.
Let’s be honest: Airtight cybersecurity hasn’t traditionally been a priority for small businesses. But it's a must in today's world, where digital technology permeates every aspect of life. Virtual systems contain near-limitless amounts of personal information, and customers and employees count on their business partners to keep that information private and secure.
Businesses don't think twice about protecting their interests from financial loss associated with damages and legal claims. Workers' compensation, covering job-related injuries, and general liability, covering customer injury, property damage, etc., are commonly purchased policies.
Why not insure against cyberattacks, the financial aftermath of which can devastate an organization? The good news is that affordable cyber liability insurance is now available to protect businesses from technology-related risks.
Read on to learn about cyber risks and why now is the time for business owners to protect their organizations with cyber liability insurance.
What is Cyber Liability Insurance?
Cyber liability insurance, also known as cyber security insurance, protects a business from internet-based risks and helps with recovery costs. It covers risks such as:
- Privacy and loss of customer information
- Data corruption or destruction
- Network disruptions due to ransomware and/or malware
- Human errors like phishing attacks and social engineering
Why do small businesses need Cyber Liability Insurance?
Small businesses are the perfect target for hackers because their systems often hold private customer data, like credit card and social security numbers, without the protections most large enterprises have:
- Smaller businesses typically don't have a solid front-line security system
- And they usually don't have a dedicated, in-house cyber security team to monitor the network
They are a quick and easy target, yet only 50% of small business owners say they have a cybersecurity plan in place, and 86% of companies are not financially prepared to recover from a cyberattack.
Between the loss of sensitive information, time, and money, coupled with customer distrust and legal fees, the risks of not protecting your business with cyber liability insurance are huge. Take a look at the top reasons why you should consider cyber liability insurance for your organization.
Cost of a Cyberattack
How expensive is it really to recover from a cyberattack? When a small business is unprepared and finds itself under a cyber security attack, the prospects for recovery are dim. Unfortunately, 75% of small businesses would not be able to continue operating if they were hit by a cyberattack, because the financial burden of recovery is too significant to bear.
According to IBM and the Ponemon Institute's 2022 Cost of a Data Breach Report, the average total cost of a cybersecurity breach reached a record high in the U.S. in 2022 of $4.35 million, with experts expecting the cost to rise to $5 million in 2023. Costs can mount from lost time, regulatory fines, and even reputational damage.
Lost Time
If a security breach takes down your organization's network, you'll face the cost of operational downtime. According to Gartner, the average cost of Information Technology (IT) downtime is $5,600 per minute. This equates to approximately $336,000 per hour.
Regulatory Fines
Regulations like the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA) don't take non-compliance lightly, and the fines from a cyberattack can be hefty. In 2022, T-Mobile was fined $350M for a data breach that leaked the personal information of over 77 million customers.
Reputation
The cost of a cyberattack can wreak havoc on a company's image, negatively impacting customer loyalty.
A business that fails to protect its customers' information sufficiently can face irreparable reputational damage. On average, one-third of customers stop doing business with an organization that has been breached. Don't think twice about cyber liability coverage if your organization handles credit card or bank information, medical information, driver's license numbers, customer names, and/or email addresses.
Types of Cyberattacks
The frequency of cyberattacks is on the rise. In fact, 67% of businesses say they have experienced a cyberattack in just the past 12 months. The FBI Internet Crime Complaint Center found a 5% decrease in reported ransomware incidents, while dollar losses increased significantly, by 49%.
Cyberattacks are also becoming increasingly sophisticated and challenging to identify. Take a look at the most common cyber threats that businesses face to understand how attacks occur.
- Malware: An umbrella term for malicious software, including the most common threats: viruses, ransomware, and spyware. Malware attacks can happen in many ways, including when a user clicks a dangerous link or downloads an unreliable app, or even through a discoverable Bluetooth connection. If malicious software is installed on a device, it can infiltrate the network, rendering the system inoperable and/or stealing sensitive data from the hard drive.
- Password Attacks: These occur when a cybercriminal obtains your passwords to access your information. The attack can be carried out either by accessing or breaching a password database or by outright guessing.
- Phishing: A method by which malware is introduced to a device. This type of attack often comes in a fraudulent email but may also be on social networking platforms through direct messages, via phone (voice phishing), or even text messages (SMS phishing). The message contains a malicious link that gives an attacker access to your information. It may often look legitimate and can come from a sender's address that seems familiar at first glance. For example, if you're a client of FrankCrum, a hacker may send you an email from a @frankcurm.com email address. It takes careful attention to protect yourself from a phishing attack.
The difficult fact remains: No matter how careful you are as a computer user, you can't totally insulate yourself from the threat of a cyberattack.
In 2021, a major Russian ransomware syndicate was behind a cyberattack that targeted a software supplier, Kaseya, which sells software to help small business owners manage their IT and computer networks. Hackers used the software as a conduit to spread ransomware through cloud-service providers, crippling and wiping out the networks and files of 800 to 1,500 companies.
If you're contemplating whether or not to protect your organization with cyber liability insurance, keep in mind that in the digital age, it's not a matter of if your company will suffer a cyberattack, but when.
Contact us today at 800-277-1620 to learn more about how you can protect your business from technology risks with FrankCrum's Enterprise Cyber Liability Program.