There are a number of things to consider before opening a small business. While many SMB owners take into consideration things like current economic conditions, regulatory changes, and even sustaining customer loyalty, one problem many of them forget about is cyberattacks.
It used to be that small and medium-sized businesses weren’t targeted as often as larger corporations. That’s no longer the case. Today, 62 percent of cyberattacks target small and mid-sized businesses.
The cost of a cyberattack can be devastating to a small-business owner. According to First Data, the average cost of a small-business data breach is $36,000, though it could reach or even exceed $50,000 by the time everything has been dealt with. 60 percent of small businesses who experience a data breach go out of business within six months.
Why small businesses are prime targets for security breaches
There are a number of factors, both internal and external, that put small businesses at risk for a data breach. Internal factors can include:
- Employee negligence: generally due to a lack of employee training related to data protection and cybersecurity
- Technology glitches: ranging from software that isn’t updated to a firewall breach
- Improper disposal of hardware: due to not having a storage or disposal procedure for confidential information
- Fewer Safeguards: small organizations lack the security of larger ones. Also, personal bank accounts and credit cards often don’t have the same protection that commercial accounts receive
External factors that put small businesses at risk for a data breach include:
- Hacking: a technical effort to upset the normal behavior of a network
- Hardware theft: when something containing sensitive information, like a computer or an external drive, is stolen
With more consumers trusting small businesses with their personal data, a security breach is the last thing small-business owners want to be confronted with. A lack of data protection by many SMB owners is causing cybercriminals to focus on these quick wins instead of more complicated hacks at larger companies and corporations.
What small businesses can do
What can small-business owners do about potential security threats that can cost them their businesses? The key to avoiding a cyberattack is to improve the defenses your business has against a potential breach. Cybersecurity practices may include:
- Creating a hierarchical cybersecurity policy: ensure your security specialist or compliance manager is on the same page with employees
- Keep software updated: be sure to adhere to messages that pop up on your computer about updating your software or systems
- Backup your information: keep current backups of important information protected and encrypted in a safe place
- Keep privilege at a minimum: assign each of your employees the least amount of admin accounts possible. Up their privilege if they can demonstrate it’s necessary to do their job
What else can SMB owners do to protect themselves from cyberattacks? Many don’t realize that their insurance coverage can (and should) include consumer data loss. While a standard business owner’s policy (BOP) includes property and liability insurance, they don’t often cover data loss, despite it being a threat that looms just as greatly as the possibility of fire, flood or property damage. Instead, many small-business insurance providers will cover the more standard things and send customers elsewhere for data coverage. Not only does this give busy small-business owners an extra task, it also gives them another insurance policy to keep track of.
A new concept in small-business insurance, biBERK (a Berkshire Hathaway company), addresses the risk of collecting consumer data for SMB owners. In fact, biBERK’s general liability coverage has a small amount of cyber coverage already built in. They also offer endorsements for full cyber coverage that policyholders would normally have to get outside of their regular insurance provider.
A business owner’s policy can be customized to address the needs and circumstances of a specific industry or policyholder. These endorsements, also known as riders, amend or add to an existing policy—like the base BOP—to change the terms or scope of the agreement. They can be added or changed at any time with the help of your insurance provider.
What better coverage could mean
What all can a data compromise endorsement include coverage for? Any number of things, including:
- Forensic IT investigation: a specialist who collects, analyzes and reports on digital data; can be used for detection or prevention or to find out where things went wrong after a cyberattack occurs
- Public relations services: the services of an outside firm needed to respond publicly to a data breach
- Legal defense: the legal representation needed by an owner after a cyberattack
- Settlement costs: in the event a settlement is required with victims of a data breach
Additional coverage can also include legal review, notification of affected individuals and more.
The bottom line: All business owners should make sure they’re covered in today’s tech climate. The latest innovations in insurance technology allow an SMB owner to answer just a dozen or so questions about their company online and receive a quote in minutes. While running a company can be complicated, finding the right small-business coverage should be simple.
Rakesh Gupta is the chief operating officer at biBERK, part of Warren Buffett’s Berkshire Hathaway company, specializing in commercial insurance for small businesses. In his role, Gupta is spearheading efforts to use predictive analytics, big data and other technology innovations to simplify the insurance buying process. His 25-plus years of leadership in technology services have paved the way for major breakthroughs in the travel, media and transportation industries. Gupta holds a dual Master of Science in computer science and