The Prospect of Cyberattacks Got You Nervous? Cyber Insurance Can Help (If You Meet the Requirements, That Is)
What unites many small- and medium-sized businesses regardless of industry? The tendency to underestimate their own vulnerability to cybercriminals – and therefore the need to take proactive security measures.
The truth is that cybercriminals are always going for easy targets – and too often SMBs offer precisely that temptation. Fortunately, cybersecurity insurance is increasingly available to companies large and small, offering a needed layer of protection and a comforting backstop for if the worst happens.
So what’s the catch?
Being insurable means taking some foundational steps so that you can invest in this protective mechanism – as with anything else, insurance companies need to see you nailing the basics in order to view you as eligible. In this piece, we outline what cybersecurity insurance is, why you might want it, and how to take the first steps forward to embracing cybersecurity fundamentals.
What SMBs are up against
What’s the difference between large and small companies with respect to cybersecurity? It’s not size – it’s money. Large Fortune 500 and Global 2000 businesses have the means and the technical talent to shore up their defenses and strengthen their cybersecurity posture; SMBs typically don’t. This is why larger companies saw a bit of a decrease in attacks in 2021 – and it’s also why mid- and small-sized businesses experienced more, according to research by insurer Hiscox. Simply put, the attackers are seeking the faster, lower-effort path with SMB targets – and they’re finding it.
Other experts confirm this trend: cybercriminals are three times as likely to attack these small businesses, contributing substantially to the overall economic gut punch of such intrusions (currently projected to reach $10.5T by 2025).
What’s more: the majority of SMB owners expressed unconcern about the possibility of cyberattacks and confidence in their ability to weather any possible cyber storm, despite research that says exactly the opposite.
What cyber insurance companies are looking for
To get cyber insurance coverage, more and more companies will require some serious cyber hygiene. Every SMB should consider these factors:
Correctly configuring the services your business commonly uses.
One expert noted that more than 80 percent of ransomware attacks are directly correlated to cloud services configuration errors – and posited that cyberinsurance carriers will “require more stringent security controls and policies to contain this threat vector.”
Conducting a risk assessment and creating an incident response plan.
This ensures SMBs understand both their strengths and their vulnerable areas – and have anticipated ways to mitigate the impact of an attack. These also demonstrate a welcome proactive posture to the insurer.
Taking common-sense precautions.
Insurers are actively looking to see that companies have instituted measures which address the most significant areas of concern. For example, ransomware attacks increased 80 percent year over year, prompting a “mandate to enforce multi-factor authentication (MFA) across all admin access in a network environment as well as protect all privileged accounts.”
What SMBs should look for in cybersecurity insurance
It’s true that SMBs have to clear a couple of hurdles to get cybersecurity insurance but it’s equally necessary to ensure the coverage received is comprehensive. In other words, don’t sign up for just any insurance policy.
The Federal Trade Commission (FTC) offers some useful guidance. Must-haves include coverage for data breaches, cyberattacks on data held by vendors and other third parties, network breaches, cyberattacks that occur anywhere in the world, and terrorist acts. Nice-to-haves include the duty to defend, which means the insurer will defend a business in a lawsuit or regulatory investigation.
Consider two different kinds of coverage, the agency urges:
First party: This “protects your data, including employee and customer information” and pays for things like forensic investigatory services plus fees, fines and penalties related to any attacks.
Third party: This “generally protects you from liability if a third party brings claims against you” and includes elements like payments to consumers and litigation costs.
6 ways to be smarter with cybersecurity
When it comes to cybersecurity, there’s no reason to wait to do the smart things that protect a business. The Cybersecurity & Infrastructure Security Agency (CISA) recommendations are straightforward and include:
Educating staff to avoid common pitfalls like phishing and conducting simulations to prepare people for what to do in a cyberattack
Enforce strong password requirements for all and MFA for remote workers and admins
Identifying staff to act as “surge support” to enact an incident response plan in the event of an attack
Backing up critical data and regularly testing backup procedures to ensure data can get back up and running quickly
Automatically updating software to ensure patches and upgrades are made in a timely manner
Using a Managed Service Provider for security services, which offloads more specialized tasks and responsibilities to experts, lightening the load for SMBs
What’s next
Xerox’s cybersecurity experts have advised SMB clients in industries that range from small dental practices to large government contractors. Our assessments provide a neutral, objective, and actionable look at how you’re stacking up against your peer verticals. We pride ourselves on forging a planning partnership, where we collaborate hand-in-glove with clients like you to leverage our real-world experience and body of resources while reducing your cyber risk and meeting business objectives.
Contact us today to learn more about simple steps that will exponentially increase your business’s cybersecurity.
Xerox® IT Services
We help you manage, maintain and support your entire IT infrastructure.
We'll make sure IT doesn't hit the fan.
When IT goes wrong, everything else does too. Our managed IT services will make sure everything always runs smoothly.
Related Articles
AI Isn’t Going to Take Your Job
Discover how AI, in the hands of human experts, revolutionizes client experiences by addressing pain points and unlocking opportunities to deliver greater value.
The Advantages of Automation
Learn how Xerox® Robotic Process Automation Service provides customized solutions that free time and resources, unleashing businesses to dream even bigger and bolder than ever.
Xerox Managed IT Services’ webinar
Watch Tracy Walder and Xerox’s Roger Gregory as they explore Chinese espionage, cyber-attacks, and cybersecurity strategies in the digital age.
Xerox and ITsavvy Join Forces to Address Your IT Challenges
Xerox and ITsavvy's IT solutions are bringing IT services to more areas across the US, Canada, and U.K. with Generative AI, cybersecurity protection, and digital transformation solutions.
Managed IT Services Non-Profit Case Study
See how a major housing Nonprofit turned to Xerox for Managed IT Services and grew its capacity to serve at-risk people.
2024 BLI Pacesetter Business Service Awards
Discover how Keypoint Intelligence — Buyers Lab, Inc. (BLI) acknowledged our software's prowess in workflow automation, personalization, content management solutions, and digitization services.